We have a need for a generic user account that can be used on 5-10 lab desktop computers. The lab computers are used by a bunch of employees to run various tests in our labs. We tried using a local computer account but the engineers need access to server shares and it always asks for credentials, which means some of their private directories are vulnerable to other users. For a variety of reasons, using individual user accounts doesn't work. The IT policy at our company doesn't allow generic user accounts. I don't know Windows 2008 server well enough, but is there any way to create a restricted user account in Active Directory, that we can somehow restrict logins onto these lab computers? I think the concern in the IT department is that if there is a general user account where everyone knows the password, it will create a security hole, and I understand this. I was just hoping there were some user account or group policy options that might be able to restrict this user account to certain machines.