AD Generic Login users

Hi,
I have been tasked to create one generic domain user in Active Directory (Windows Server 2012 R2), and the plan is that around 50 different people are going to use this generic domain user.

The reason being that it is a call center, they all move around and nobody has an assigned computer, a single person could be siting in 3 or 4 different computers during the day.

Are there any special considerations regarding this set up?
Or is it just a matter of creating the user and letting them all log in to the domain with the same user at once?

Thanks.
cargexAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cargexAuthor Commented:
Hi Experts,
If you don't see any issues with this set up please let me know.
I need to do this ASAP.
0
McKnifeCommented:
They will act anonymously, which could potentially lead to all sorts of security problems.
For a better judgement, please describe what they will do at their screens.
Surely, technically that will be no problem.
0
Will SzymkowskiSenior Solution ArchitectCommented:
This is feasible, however it is VERY DANGEROUS. If you have this setup like this someone (one person) using this account can LOCKOUT EVERYONE. All they need to do is type the password incorrectly 5 times (default) and this will lock out ALL of the people using this account. You could also have someone change this password and then no one else will know it. Also the password will expire

If you are going to do something like this I would highly suggest doing the following...
- Enabling Active Directory Auditing
http://www.wsit.ca/how-tos/active-directory/configure-active-directory-auditing/
- Set this Account password to not lockout
- Set the account to never expire
- Set the account to not allow to change password

As i have stated these are going to be something you will need to take in to consideration. However it is best and more secure if each user has their own login.

But as for your question this is acheivable. Just make sure that you follow the points i have listed or this will create many issues for you.

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sigurdur HaraldssonSystem AdministratorCommented:
Since everyone will be using the same login, there is no way you can audit who does what. So security is an issue here. If you're willing to sacrifice that, then restrict the account as much as possible, let the account only be able to use the software the user needs for work and do make sure that this account cannot change it's password.
0
cargexAuthor Commented:
Thank you very much, all your comments are valid concerns to have in mind.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.