AD Generic Login users
Hi,
I have been tasked to create one generic domain user in Active Directory (Windows Server 2012 R2), and the plan is that around 50 different people are going to use this generic domain user.
The reason being that it is a call center, they all move around and nobody has an assigned computer, a single person could be siting in 3 or 4 different computers during the day.
Are there any special considerations regarding this set up?
Or is it just a matter of creating the user and letting them all log in to the domain with the same user at once?
Thanks.
I have been tasked to create one generic domain user in Active Directory (Windows Server 2012 R2), and the plan is that around 50 different people are going to use this generic domain user.
The reason being that it is a call center, they all move around and nobody has an assigned computer, a single person could be siting in 3 or 4 different computers during the day.
Are there any special considerations regarding this set up?
Or is it just a matter of creating the user and letting them all log in to the domain with the same user at once?
Thanks.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi Experts,
If you don't see any issues with this set up please let me know.
I need to do this ASAP.
If you don't see any issues with this set up please let me know.
I need to do this ASAP.
They will act anonymously, which could potentially lead to all sorts of security problems.
For a better judgement, please describe what they will do at their screens.
Surely, technically that will be no problem.
For a better judgement, please describe what they will do at their screens.
Surely, technically that will be no problem.
This is feasible, however it is VERY DANGEROUS. If you have this setup like this someone (one person) using this account can LOCKOUT EVERYONE. All they need to do is type the password incorrectly 5 times (default) and this will lock out ALL of the people using this account. You could also have someone change this password and then no one else will know it. Also the password will expire
If you are going to do something like this I would highly suggest doing the following...
- Enabling Active Directory Auditing
http://www.wsit.ca/how-tos/active-directory/configure-active-directory-auditing/
- Set this Account password to not lockout
- Set the account to never expire
- Set the account to not allow to change password
As i have stated these are going to be something you will need to take in to consideration. However it is best and more secure if each user has their own login.
But as for your question this is acheivable. Just make sure that you follow the points i have listed or this will create many issues for you.
Will.
If you are going to do something like this I would highly suggest doing the following...
- Enabling Active Directory Auditing
http://www.wsit.ca/how-tos/active-directory/configure-active-directory-auditing/
- Set this Account password to not lockout
- Set the account to never expire
- Set the account to not allow to change password
As i have stated these are going to be something you will need to take in to consideration. However it is best and more secure if each user has their own login.
But as for your question this is acheivable. Just make sure that you follow the points i have listed or this will create many issues for you.
Will.
Since everyone will be using the same login, there is no way you can audit who does what. So security is an issue here. If you're willing to sacrifice that, then restrict the account as much as possible, let the account only be able to use the software the user needs for work and do make sure that this account cannot change it's password.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial