Thursday, January 27, 2011

Active Directory acccounts in a production environment

We have a production environment with seperate PCs controlling printers, labelers, scanning stations and envelope inserters. Any PC may be used by any one of up to a dozen operators.

We operate under a Windows 2008 R2 domain.

Each operator gets email / wordprocessing etc via terminal services (rdp client).

I'm thinking a common login account for each machine type.

I've seen many comments against shared accounts, but has anyone any better solution to the above scenario? Seperate accounts are problematic since the controller software in some cases only installs for the 'current user'.

Anyone got ideas?

From serverfault Brett

  • You could always setup the software then copy the user profile you used to set it up with over the Default User profile. That would probably get your software to work with any user that signs in.

    From Jason Berg

  • If the software is available as an MSI then you can deploy it to the specific machines via a GPO.

    There are tools that will bundle up EXE installers into an MSI, but I have found them to be hit and miss.

    The only other (but slightly hacky) way to do it would be to record all of the files, and registry keys the installer creates (with procmon) and then bundle all those changes into an MSI.

    From c10k Consulting

  • As a rule... common usernames/passwords is ALWAYS a bad idea. It will quickly turn into the blame game as to who did what & such. That aside... You really should look at making full use of the Remote Desktop features including RDP-Web & remote-app available in windows 2008r2.

    Depending on the workstation, you can also setup fast-user switching if users complain about having to close everything & re-opening everything... that way they simply need to log in once & have their windows where they want them... then can lock their session (manually or on a timer) and another user can log in & do what they need.

    With the RDP-Web stuff all a user needs to do is go to the "company page" ... and login. All running programs carry over... and all the settings stay the same.

    If you're stuck in a situation where you MUST-HAVE a shared workstation... I would cripple it almost to the state of being a thin-client to prevent users from going to myspace/wherever & downloading whatever virii or other improper applications that are out there.

    From TheCompWiz
Posted by Mu Cat at 6:51 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)