Can a single AD user be in use on multiple machines?

I am new to server administration, and I have a small business with 10 PCs connected to a lan with a 2003 Server on the lan.

Currently we do not take advantage of AD and simply use the 2003 server as a file server with folders shared for everyone to access.

We do not need a separate login for each user.  In fact, that would be counter productive as the users float among the PCs in the office - following patients through the office.  Having to login to every workstation when they used it would slow them down.

I am looking into some software to filter web content and I would like for the owner to have a roaming login so that I can treat her differently than the employees.  Can I have a single AD entry for employee use and have it in use simultaneously on all 10 clients or is there a better way to do this (like assigning an account to each machine and using auto login or giving al logins the same password - since all employees need access to all workstations)?

I need to be able to treat the owner differently to give her separate restrictions when web surfing than the employees have.

Also, do you know of any resources that would explain roaming logins (how they work, how to admminister, etc.)?

Thanks!!
cerkseesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

danubianCommented:
Yes, you can login on multiple computers but this way you lost many features of AD.
Why not use switch user on workstations ? Is not so time consumming...
 
0
Mike ThomasConsultantCommented:
As above yes you can have multiple logins, by roaming logins i think you mean roamining profiles?, all this means is that the profiles is stored on a server and loads/saves to the server rather than a local PC, this means the profile can be loaded  to any PC from the server which will mean it is consistent between PC's that the user is logging onto. However changes are saved back to the server at log off so this might not work well with a single user account logged in to 10 workstations at once.


0
dkumar82Commented:
There is no harm to use single AD account on multiple computers... It will not slow down anything.
The main disadvantage is security... ( If something happened, you cannot identify who done what task because single users granted to multiple logins)

Regarding Web filtering – You can opt for WEBSENCE ( AD integrated) or free ware open DNS

Rimming profile:
http://support.microsoft.com/kb/324749
http://www.youtube.com/watch?v=brzFi9KW5c4&feature=related
http://www.daniweb.com/forums/thread106028.html

Let us know if you are more specific to know anythig?
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

moiz19Commented:
yes you can.
0
Rant32Commented:
Using one account for everybody is OK and will work. Do not consider auto-logon for all workstations, that would be rather irresponsible.
If your patients are going near the PCs in the office, especially unattended, make sure to automatically lock workstations (read about Group Policy), and learn people how to use Windows+L to lock the PC when they step away from the desk. Even with a simple password, this will prevent curious people snooping and unlocking takes just a moment.
0
cerkseesAuthor Commented:
I am looking at Race River's Integard (http://www.raceriver.com/Integard_Professional.htm) as a possible solution for web filtering.  It isn;t too expensive and looks to be flexible in how it is used.

The reason I was asking about a roaming profile was for the owner.  She may sit at different computers - depending on what she needs to do.  And, she needs to be uniquely identified to allow Integard to give her a different set of web content filters than the employees.

This is a small dental office.  Ideally every computer would have the exact same desktop - as they all use the same software on all workstations.  But, in this dental office, the employees may sign a person in on one PC, do paperwork on another, scan xrays on a third then the doctors grab that info before doing work on a fourth PC.

The employees are all over the office and the pace is very hectic.  They are all about getting people seen quickly.  Having to log into each PC to work would be unacceptable and unenforcable - there would be no way to tell when they walked away from one desktop to another and they would all simply begin to use one another's logins and just stay logged in at one workstation for the day.

The main goal here is to give the owner a way to differentiate her login on the network for web content filtering.  Also, it would be great to have every desktop the same, but I am not sure how to accomplish that short of a roaming profile - which would probably not work logged in to 10 client workstations at the same time.

As for it not being time consuming to log into a workstation....the employess complain about waiting for a database refresh for 3 seconds.  So it would be a nightmare for them.
0
JamesSenior Cloud Infrastructure EngineerCommented:
Judging by your question, it would be best practice to put certain policies in place. I would strongly recommend Roaming User Profiles. This will allow users to logon to any PC and their Profiles will follow. The Profiles reside on the Server, this makes it secure. Things to look out for when setting up Roaming Profiles is that there is sufficient space on the Server and also the client's desktops, because Roaming Profiles can grow quiet large.

Also regarding web filtering, you can look at this 2 ways - software filtering or hardware filtering. I would personally recommend software filtering. I use Webmarshal which is a very good product by M86 Security. It comes with GUI console and reports so you can view all active sessions on the net and then with reports you can see who is doing what on a chart basis. You can block any site you want, and you can configure who can access the internet and this works via a proxy which you can tie down through Group Policy. You can download a trial version for 30 days at no cost.
0
cerkseesAuthor Commented:
As I said, these people complain about a 3 second refresh of the Dentrix software!

There is NO POSSIBLE WAY that they will be OK will logging into PCs all day long.  Especially when the data that they need to access takes a shorter time to pull up than logging in does.

Raoming profiles for all employees is NOT an option for this environment..  

I looked at Webmarshal's site and saw no prices.  That generally means that it will be too expensive for what it offers and for what they need.  I hate companies that are afraid to put their prices online and won;t even bother to test their software.

The Integard product is only $185 for 10 users per year.  Very reasonable.  I will test it today.
0
Mike ThomasConsultantCommented:
@cerksees It sound like what you want to do is perfectly reasonable and web marshall is a great product but will be pricey.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
The reality is that a true roaming profile requires AD and there is no way around this if you want desktop and data to properly follow a user or group of users.

That being said, I think it's time you present a different solution.  The solution is virtual desktops. The workstations that re currently in the office become thin clients(sort of).  You would then implement XenDesktop(free for up to 10 users and a XenServer also free)  By doing this, each user can leave their desktop profile running and it will always be available to them.

http://www.citrix.com/virtualization/desktop/xendesktop.html
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.