Active Directory and dual accounts

bigpanda

Wondering if anyone has any experience with this as I have a request to configure several lab machines to use a shared account for access to Windows. This lab account will have access to some network resources, namely a large portion of data that I need to keep tabs on. As much as I don't like this idea, I'm being asked to find a solution to this.

What I'm thinking right now is some type of secondary authentication similar to an RSA token that they'll need to authenticate with that could be tied to their personal AD account. Once they get past that they'd be able to log in with the lab account for the machine. At least that way I'd have a record of who logged into the machine at a certain time with their personal AD account and they'd be able to run Windows with the shared lab account.

Keep in mind that even though they're using lab equipment and machines these are not really technical people.

Anyone ever have to do something similar?

runethomas

I'm not 100% sure what your trying to do, but why don't you just create a new group of accounts LAB1,2,3 ect... and just note who has what account.
Why does it have to be a shared account?
You could just create a new AD group like "Labgroup", and apply security settings by group instead of each individual account.


You'd probably get a better response if you posted in Moe's Stupid Technology Tavern