AD Generic Login users

cargex
cargex used Ask the Experts™
on
Hi,
I have been tasked to create one generic domain user in Active Directory (Windows Server 2012 R2), and the plan is that around 50 different people are going to use this generic domain user.

The reason being that it is a call center, they all move around and nobody has an assigned computer, a single person could be siting in 3 or 4 different computers during the day.

Are there any special considerations regarding this set up?
Or is it just a matter of creating the user and letting them all log in to the domain with the same user at once?

Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
Hi Experts,
If you don't see any issues with this set up please let me know.
I need to do this ASAP.
Distinguished Expert 2018
Commented:
They will act anonymously, which could potentially lead to all sorts of security problems.
For a better judgement, please describe what they will do at their screens.
Surely, technically that will be no problem.
Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
This is feasible, however it is VERY DANGEROUS. If you have this setup like this someone (one person) using this account can LOCKOUT EVERYONE. All they need to do is type the password incorrectly 5 times (default) and this will lock out ALL of the people using this account. You could also have someone change this password and then no one else will know it. Also the password will expire

If you are going to do something like this I would highly suggest doing the following...
- Enabling Active Directory Auditing
http://www.wsit.ca/how-tos/active-directory/configure-active-directory-auditing/
- Set this Account password to not lockout
- Set the account to never expire
- Set the account to not allow to change password

As i have stated these are going to be something you will need to take in to consideration. However it is best and more secure if each user has their own login.

But as for your question this is acheivable. Just make sure that you follow the points i have listed or this will create many issues for you.

Will.
Sigurdur HaraldssonSystem Administrator
Commented:
Since everyone will be using the same login, there is no way you can audit who does what. So security is an issue here. If you're willing to sacrifice that, then restrict the account as much as possible, let the account only be able to use the software the user needs for work and do make sure that this account cannot change it's password.

Author

Commented:
Thank you very much, all your comments are valid concerns to have in mind.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial