Solved

Can a single AD user be in use on multiple machines?

Posted on 2010-08-17
10
385 Views
Last Modified: 2012-05-10
I am new to server administration, and I have a small business with 10 PCs connected to a LAN with a 2003 Server on the LAN.

Currently we do not take advantage of AD and simply use the 2003 server as a file server with folders shared for everyone to access.

We do not need a separate login for each user.  In fact, that would be counterproductive as the users float among the PCs in the office - following patients through the office.  Having to log in to every workstation when they used it would slow them down.

I am looking into some software to filter web content and I would like for the owner to have a roaming login so that I can treat her differently than the employees.  Can I have a single AD entry for employee use and have it in use simultaneously on all 10 clients or is there a better way to do this (like assigning an account to each machine and using auto login or giving all logins the same password - since all employees need access to all workstations)?

I need to be able to treat the owner differently to give her separate restrictions when web surfing than the employees have.

Also, do you know of any resources that would explain roaming logins (how they work, how to administer, etc.)?

Thanks!!
0
Comment
Question by:cerksees
10 Comments
 
LVL 5

Expert Comment

by:danubian
ID: 33452305
Yes, you can log in on multiple computers, but this way you lose many features of AD.
Why not use switch user on workstations? It is not so time-consuming...
 
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33452331
As above, yes, you can have multiple logins. By roaming logins I think you mean roaming profiles? All this means is that the profile is stored on a server and loads/saves to the server rather than a local PC. This means the profile can be loaded to any PC from the server, which will mean it is consistent between the PCs that the user is logging onto. However, changes are saved back to the server at log off, so this might not work well with a single user account logged in to 10 workstations at once.


0
 
LVL 8

Expert Comment

by:dkumar82
ID: 33452333
There is no harm in using a single AD account on multiple computers... It will not slow down anything.
The main disadvantage is security... (If something happened, you cannot identify who did what task, because a single user is granted multiple logins)

Regarding web filtering – you can opt for Websense (AD integrated) or the freeware OpenDNS.

Roaming profile:
http://support.microsoft.com/kb/324749
http://www.youtube.com/watch?v=brzFi9KW5c4&feature=related
http://www.daniweb.com/forums/thread106028.html

Let us know if there is anything more specific you want to know.
0
 

Expert Comment

by:moiz19
ID: 33452348
Yes, you can.
0
 
LVL 12

Expert Comment

by:Rant32
ID: 33452349
Using one account for everybody is OK and will work. Do not consider auto-logon for all workstations, that would be rather irresponsible.
If your patients are going near the PCs in the office, especially unattended, make sure to automatically lock workstations (read about Group Policy), and teach people how to use Windows+L to lock the PC when they step away from the desk. Even with a simple password, this will prevent curious people snooping, and unlocking takes just a moment.
0
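
One way to check that the automatic lock Rant32 recommends is actually in force on a workstation, as an added example that is not part of the original thread. It reads the three registry values that the screen-saver Group Policy settings write for the logged-on user; the 300-second limit and the two sample cases are assumptions constructed for illustration.

```powershell
# Added example: audit the per-user screen-saver lock policy on a workstation.
# The 300-second limit is an assumption, not a figure from the thread.
$PolicyPath     = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$PolicyNames    = 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut'
$MaxIdleSeconds = 300

function Get-LockPolicyValues {
    # Read the values Group Policy writes for the logged-on user.
    $values = @{}
    $key = Get-ItemProperty -Path $PolicyPath -ErrorAction SilentlyContinue
    foreach ($name in $PolicyNames) {
        if ($key -and $key.PSObject.Properties[$name]) {
            $values[$name] = [string]$key.$name
        }
    }
    return $values
}

function Test-LockPolicy {
    # Return a list of findings; an empty list means the lock policy is in force.
    param([hashtable]$Values, [int]$MaxIdle = $MaxIdleSeconds)
    $findings = @()
    if ([string]$Values['ScreenSaveActive'] -ne '1') {
        $findings += 'screen saver not enforced'
    }
    if ([string]$Values['ScreenSaverIsSecure'] -ne '1') {
        $findings += 'no password required on resume'
    }
    $timeout = 0
    $parsed = [int]::TryParse([string]$Values['ScreenSaveTimeOut'], [ref]$timeout)
    if (-not $parsed -or $timeout -le 0) {
        $findings += 'no idle timeout set'
    } elseif ($timeout -gt $MaxIdle) {
        $findings += "idle timeout $timeout s exceeds $MaxIdle s"
    }
    return ,$findings
}

# Constructed sample inputs, then the live values from this machine.
$cases = @(
    @{ Name = 'locked-down'; Values = @{ ScreenSaveActive = '1'; ScreenSaverIsSecure = '1'; ScreenSaveTimeOut = '180' } },
    @{ Name = 'no-password'; Values = @{ ScreenSaveActive = '1'; ScreenSaverIsSecure = '0'; ScreenSaveTimeOut = '900' } },
    @{ Name = 'this-machine'; Values = (Get-LockPolicyValues) }
)
foreach ($case in $cases) {
    $result = Test-LockPolicy -Values $case.Values
    if ($result.Count -eq 0) { "{0}: OK" -f $case.Name }
    else { "{0}: {1}" -f $case.Name, ($result -join '; ') }
}
```

Run it in the shared account's session on each PC; a missing policy key is reported the same way as a disabled setting, which is the state a workstation is in before the GPO has applied.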
 

Author Comment

by:cerksees
ID: 33452381
I am looking at Race River's Integard (http://www.raceriver.com/Integard_Professional.htm) as a possible solution for web filtering.  It isn't too expensive and looks to be flexible in how it is used.

The reason I was asking about a roaming profile was for the owner.  She may sit at different computers - depending on what she needs to do.  And, she needs to be uniquely identified to allow Integard to give her a different set of web content filters than the employees.

This is a small dental office.  Ideally every computer would have the exact same desktop - as they all use the same software on all workstations.  But, in this dental office, the employees may sign a person in on one PC, do paperwork on another, scan x-rays on a third, then the doctors grab that info before doing work on a fourth PC.

The employees are all over the office and the pace is very hectic.  They are all about getting people seen quickly.  Having to log into each PC to work would be unacceptable and unenforceable - there would be no way to tell when they walked away from one desktop to another and they would all simply begin to use one another's logins and just stay logged in at one workstation for the day.

The main goal here is to give the owner a way to differentiate her login on the network for web content filtering.  Also, it would be great to have every desktop the same, but I am not sure how to accomplish that short of a roaming profile - which would probably not work logged in to 10 client workstations at the same time.

As for it not being time consuming to log into a workstation....the employees complain about waiting for a database refresh for 3 seconds.  So it would be a nightmare for them.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 33452444
Judging by your question, it would be best practice to put certain policies in place. I would strongly recommend Roaming User Profiles. This will allow users to log on to any PC and their profiles will follow. The profiles reside on the server; this makes it secure. Things to look out for when setting up Roaming Profiles are that there is sufficient space on the server and also on the client desktops, because Roaming Profiles can grow quite large.

Also, regarding web filtering, you can look at this two ways - software filtering or hardware filtering. I would personally recommend software filtering. I use WebMarshal, which is a very good product by M86 Security. It comes with a GUI console and reports, so you can view all active sessions on the net and then with reports you can see who is doing what on a chart basis. You can block any site you want, and you can configure who can access the internet, and this works via a proxy which you can tie down through Group Policy. You can download a trial version for 30 days at no cost.
0
 

Author Comment

by:cerksees
ID: 33452691
As I said, these people complain about a 3 second refresh of the Dentrix software!

There is NO POSSIBLE WAY that they will be OK with logging into PCs all day long.  Especially when the data that they need to access takes a shorter time to pull up than logging in does.

Roaming profiles for all employees is NOT an option for this environment.

I looked at WebMarshal's site and saw no prices.  That generally means that it will be too expensive for what it offers and for what they need.  I hate companies that are afraid to put their prices online and won't even bother to test their software.

The Integard product is only $185 for 10 users per year.  Very reasonable.  I will test it today.
0
 
LVL 24

Accepted Solution

by:
Mike Thomas earned 500 total points
ID: 33452707
@cerksees It sounds like what you want to do is perfectly reasonable, and WebMarshal is a great product but will be pricey.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33453101
The reality is that a true roaming profile requires AD and there is no way around this if you want desktop and data to properly follow a user or group of users.

That being said, I think it's time you present a different solution.  The solution is virtual desktops. The workstations that are currently in the office become thin clients (sort of).  You would then implement XenDesktop (free for up to 10 users, and a XenServer, also free).  By doing this, each user can leave their desktop profile running and it will always be available to them.

http://www.citrix.com/virtualization/desktop/xendesktop.html
0
