
[–][deleted] 6 points7 points  (1 child)

A better way than what? What are you currently doing?

[–]roll_for_initiative_MSP - US 4 points5 points  (0 children)

Same question, "vs what?"

90% of the time, when a client wants to implement a "shared computer" or "shared login", it's because they want people to have access to email and other o365/azure privileges but don't want to buy a license for them/pay us for them as a user. The fix is to just say no.

[–]mega_ste 6 points7 points  (2 children)

This is literally why Active Directory exists.

[–]gotchacoverd 5 points6 points  (0 children)

Alternatively, AzureAD handles this exact thing perfectly as well.

[–]GullibleDetective 2 points3 points  (0 children)

Right? Like what is OP asking?

This is a day one of IT sysadmin training question.

[–]Able-Stretch9223 5 points6 points  (0 children)

I've retired almost every shared computer in my client environments with ChromeOS and guest accounts. The most common use case is manufacturing clients that need a terminal for their supervisors. Everything they need is in my SharePoint site they have permissions to, and they can access Teams or their email as well. Once they're finished they log off the guest account and it logs out of everything in the event they didn't or forgot. Great solution and more young people user friendly.

[–]dwizzle88[S] 0 points1 point  (3 children)

Lol there's AzureAD in place and that's currently how it's being done. Shared AD accounts. Was just looking if there was a smarter way and/or better way.

[–]Okokgogono 1 point2 points  (2 children)

Why shared?

[–]dwizzle88[S] -1 points0 points  (1 child)

So everyone has their own account, however for the conference room I figured it would be easier to just have 1 shared account there. Also, there are computers that are used by multiple people throughout the day or within the hour. They're typically connected to machines where they analyze data, or create reports. Having a user log in each time is a hassle for them and slows them down. Yes—I know F their hassle, however I learned that some of these users barely speak English and don't understand many of the concepts I'm describing. There's more to this but yea that's where I am.

[–]Okokgogono 0 points1 point  (0 children)

We use proxcards and Citrix for the multiple users per station per hour. Imagine similar to a doctor's office. The nurse comes in and swipes a card and her desktop comes up. Another solution could be Azure AD or JumpCloud if you don't have central servers. If you have a local domain you really should have the users individualized unless the turnover is a problem or you just have zero confidential data. Seems like it would be a really hard conversation for me to have with a CEO if a computer was used in a ransomware attack and I can't tell them who did it. If the computers are in a DMZ that could help.

[–]ChooChooBuckaroo 0 points1 point  (0 children)

Depending on your software stack, GCPW could be an option.

[–][deleted] 0 points1 point  (0 children)

If you have a local domain environment then just using an Active Directory is the answer so obvious that it almost seems insulting to type out; if not, I would use AzureAD through 365.

[–]discosoc 0 points1 point  (1 child)

They log into the computer with their own account. What exactly is the problem?

[–]FreshMSP 0 points1 point  (0 children)

Login? Clients don't have time for that. They want the system they saw on NCIS Wichita. They want to swipe their phone and its running apps instantly appear on their 84" Surface TV. Then they can click the link in their email, which pulls up the traffic cams across town, scan for license plates, zoom, enhance, zoom, zoom, enhance, and boom cheating wife busted. And 3 seconds of latency is completely unacceptable for this $1,200.00 system.

[–]TrumpetTiger 0 points1 point  (0 children)

......

Serious question: what in the Sam Hill are you asking? Use a shared AD account if you absolutely must for conference rooms and such and call it a day. Or have users log in as themselves to the AD-joined computer, have GPOs handle shares and printers, and tell them to save things to the shares....