sharing the admin account

So we have some machines we are sharing using Administrator. We do that so we can just log each other out and continue what the last person was doing. Security director wants us to have our own admin accounts.
That would prevent us from doing the "continue from where the last person" was thing. Is there a way around it and keep security director happy?
LVL 17
Tiras25Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
If something goes wrong, you do not know what happened in terms of people because they are sharing an account.

There is no such thing really as a shared account - Windows see it as one person.

Set up accounts for everyone (individually) and tell people to log off or else use Windows 7 to switch accounts. That keeps existing accounts logged on.  That will work.
0
Tiras25Author Commented:
that won't continue what the last person was doing.
0
NVITCommented:
> ...continue what the last person was doing
If you mean, like if the last person had certain program running or windows open? If so, I don't think there is a way except  by taking and sharing notes, whether via paper or electronic, e.g. wiki, web page, email...
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

JohnBusiness Consultant (Owner)Commented:
There isn't any way to continue the same thing except (as you are doing) use the same account, which is undesirable.

Documents can be shared on a server, so that is another way around it. With Office 2016, multiple users can use the same document.
0
Alan HendersonRetired marine engineerCommented:
It also depends upon what you're sharing. If it's Office docs there are several ways of sharing including Microsoft Office and Google Docs. Here's a useful article:

http://mashable.com/2009/02/21/online-document-collaboration/#yd0U1Prw7uq0

Or you can use the sharing capabilities of Cloud services like Dropbox or OneDrive:

https://www.dropbox.com/en/help/19
0
Mike TLeading EngineerCommented:
Hi,

First, the security director is right. No-one at all ought to be doing "work" logged in as admin. This is even more true if you mean the account named "Administrator".

If, by work, you don't mean IT work, but actually mean writing documents in Office or OneNote or creating spreadsheets then I would just suggest you save the files to a common area - whether that's a share on a server, in SharePoint or, worst case in the Public documents on a local machine.

Since we have no info on how big your company is, or what you're trying to work on etc. it's hard to recommend what's best; not sharing a computer account however is pretty much essential. You have no separation of who does what, so if someone does something "bad" no-one except the culprit will know who it was. That is not a good position to be in. If the "bad" thing is something illegal then you're in a world of pain.

Computer accounts are there for that reason. To identify individuals and the things they do and restrict them from doing/seeing the wrong things by permissions.

All accounts need to be "standard users" to begin with. The administrator account is only for emergency use.

Mike
1
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Members of the Admin group should be able to take over the session of another user. IIRC you still need the password of that user, and that makes the usage of the correct (separated) admin account optional if all admins know the password of the other ones. However, RDP connections are logged in event logs together with client info, so that makes it an audit trail.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.