
On our network, there are a few desktop computers that run software that monitors calls placed using our PBX. The software needs to run in a user context, so there is a domain account created for each of these desktops. They are left logged in all the time with the screen locked.

The software also has a reporting feature built in, so every few days a staff member logs into that computer to perform a report, then sends it to a manager. Because the person who regularly does this is sometimes away, there are actually about three people that need to know the password to log into this machine.

There are several problems I would like to address:

  • If the computer is restarted, I need to manually log in all the accounts.
  • Users can barely remember one good password, let alone two.
  • Best practice dictates a 1-1 mapping between people and accounts for auditing purposes.

Have you encountered any software like this, and if so, how have you dealt with it? The only idea I've been able to come up with is finding better software. I'd like to avoid that route if possible.

Nic

2 Answers


For starters you should try to run the application as a service, so that you don't need to have the machines logged into all the time. I'm sure this is not possible with the software itself but you can use a number of methods to get around that. I generally use srvany. This will also solve the problem of starting the software after a reboot.

Quite often the reporting software can be installed and run on a separate machine, so that's worth investigating as well. Ideally the machine(s) running the monitoring software would reside in a server room or other secure area, thereby eliminating most of your issues. Beyond that you can use normal file and folder permissions to limit who can get to the software. Then the permissions can be adjusted to grant access as and when necessary.

John Gardeniers
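
The srvany approach from the answer above, sketched in PowerShell as an added example (not code from the answer or from the software vendor). The service name, file paths and account name are placeholders chosen for illustration; the script assumes srvany.exe has already been copied to a folder only administrators can write to.

```powershell
#Requires -RunAsAdministrator
# Added example: wrap a desktop application as a Windows service with srvany,
# running under a dedicated account instead of a permanently logged-in desktop.
# All names and paths below are placeholders (assumptions), not values from the post.

$ServiceName = 'CallMonitor'                                # hypothetical service name
$SrvAnyPath  = 'C:\Tools\srvany.exe'                        # where srvany.exe was copied
$AppPath     = 'C:\Program Files\CallMonitor\monitor.exe'   # hypothetical application
$AppDir      = Split-Path -Parent $AppPath

# Fail early if either binary is missing or the service name is already taken.
foreach ($p in $SrvAnyPath, $AppPath) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
}
if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
    throw "Service '$ServiceName' already exists"
}

# Dedicated, low-privilege domain account for the service (placeholder name).
# The account must hold the "Log on as a service" right on this machine.
$Credential = Get-Credential -Message 'Service account, e.g. DOMAIN\svc-callmonitor'

# Register srvany.exe as the service binary. The path is wrapped in quotes so
# that a path containing spaces cannot be resolved to a different executable.
New-Service -Name $ServiceName `
            -BinaryPathName "`"$SrvAnyPath`"" `
            -DisplayName 'Call Monitor (srvany)' `
            -StartupType Automatic `
            -Credential $Credential | Out-Null

# srvany reads the program to launch from the service's Parameters key.
$ParamKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
New-Item -Path $ParamKey -Force | Out-Null
New-ItemProperty -Path $ParamKey -Name 'Application'  -Value $AppPath `
                 -PropertyType String -Force | Out-Null
New-ItemProperty -Path $ParamKey -Name 'AppDirectory' -Value $AppDir `
                 -PropertyType String -Force | Out-Null

# Start the service and confirm it is set to start on its own after a reboot.
Start-Service -Name $ServiceName
Get-Service -Name $ServiceName | Format-List Name, Status, StartType
```

With the application running under its own service account, staff can log in with their personal accounts to produce reports, and access to the report files can be granted per user through file and folder permissions.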

It's not really an answer to your question, but the similar situation we have is some machines in a testing lab that have to be logged in to run the control/data-acquisition applications, but there are multiple technicians, any of whom might be running the equipment on a given day.

We did something similar to you: we created one account for the group that had to run these machines and they all used the same password to log in to any computer. The account was made as limited as possible with minimal access to network resources. In our situation, there are two guys who run the testing lab and they won't forget the password and can remind any of the technicians if necessary.

Ward - Trying Codidact