Sign in with
Sign up | Sign in
Your question

Employee logins

Last response: in Business Computing
Share
June 6, 2012 5:21:18 PM

Hello, I was just put in a system admin position at a small business and my boss wants me to implement a login system for everyone's computers that lets the admins know when they logged in and out.

I tried using active directory to make a domain and setting up new users, but its not really what we need. Since users might use multiple PCs throughout the office in a given day. I can't have them making their personal profiles over and over again on different PCs. Plus it takes way too much time to log into a user's personal profile every time they sit down. So....

Is there maybe some easy software I can implement on everyones' computer that just lets them log into whatever PC their using. Since no one really has their "own" PC. Or maybe something in Active Directory that I'm missing that just lets people log straight into the PC, using a login/password, but not into their personal profile. Just whatever the PC was to begin with.

More about : employee logins

June 6, 2012 5:31:43 PM

Active Directory is the right tool for the job, you just need to configure each PC to look for the user profiles (including the Documents) on a common machine such as a file server
June 6, 2012 5:39:50 PM

You can do this through Active Directory. If you didn't already have the computers this environment might be good for thin clients.
Related resources
June 6, 2012 5:40:55 PM

Ok, so when the employee sits down and enters in their login and password the PC will load up the default login instead? That would be exactly what I need. That way their logged into their personal domain name, but they are using the default PC profile (whatever it was) instead.
June 6, 2012 5:42:31 PM

In Active Directory, in a user's properties, there will be a Profile tab. You can use the fields on that tab to create roaming profiles and user directories on a file server. If you set that up correctly the user's profile will be copied to each computer they log into and you can have their documents all stored on your file server so they can access them from any computer they can log into.
June 6, 2012 5:45:10 PM

akopp21 said:
In Active Directory, in a user's properties, there will be a Profile tab. You can use the fields on that tab to create roaming profiles and user directories on a file server. If you set that up correctly the user's profile will be copied to each computer they log into and you can have their documents all stored on your file server so they can access them from any computer they can log into.


I don't need that. I'll try to explain better. It's a 20 person company, but all the PC stations are attached to different equipment that people use on a daily basis. They don't need their personal files, or profiles, or anything of that nature to go with them when they sit at another PC to do work.

So multiple people might be working on the same project, and they have to resume from where the previous user left off. So I can't have users logging in and out with different files of the same project.


They just need to be able to log in to a computer so we know when they are working.
June 6, 2012 6:02:49 PM

Are you sure your leadership is looking at the right measurement? Just because someone is logged in does not mean they are working.

If productivity is the target then login is not the appropriate measurement.
June 6, 2012 6:16:21 PM

You should be creating a shared drive that only certain people can access on your server.

For example:

10 people work in finance - so you would create a X:\Finance that only they can access.

10 people work in projects - in the same X:\Projects drive you could have it locked down to only the projects people.

That way - they open up "My computer" and they will have a drive other than the local one (it will be a network drive).

Plus - you can add those folders to your daily back up so they do not lose anything.

Domain user's shouldn't be saving work in their local desktops.

Also not exactly sure how to see when someone logs on or off. However I will link a reference for log on/log offs:

http://social.technet.microsoft.com/Forums/en-US/winser...
June 6, 2012 6:17:00 PM

sdweim85 said:
I don't need that. I'll try to explain better. It's a 20 person company, but all the PC stations are attached to different equipment that people use on a daily basis. They don't need their personal files, or profiles, or anything of that nature to go with them when they sit at another PC to do work.

So multiple people might be working on the same project, and they have to resume from where the previous user left off. So I can't have users logging in and out with different files of the same project.


They just need to be able to log in to a computer so we know when they are working.


This is exactly what Active Directory and other LDAP programs do. They allow anyone to authenticate against a centralized authority rather than individual machines
June 6, 2012 6:19:12 PM

po1nted said:
Are you sure your leadership is looking at the right measurement? Just because someone is logged in does not mean they are working.

If productivity is the target then login is not the appropriate measurement.


I agree, logins should not be used as a timeclock method.

It also sounds to me like you are not running your computers on a domain.
June 6, 2012 6:25:28 PM

Pinhedd said:
This is exactly what Active Directory and other LDAP programs do. They allow anyone to authenticate against a centralized authority rather than individual machines



The best that you can do is look-up "last logon" but I've found that to not be accurate because of replication and such,
It also requires that a person logon and logoff of the computer each and every time to "checkin" as a timeclock. I do not think that this is accurate, and it probably is not legal, as it is not designed to be a "Timeclock."
June 6, 2012 7:38:11 PM

Its not a substitute for a timeclock, we have a timeclock. But just because someone is clocked in and at their desk does not mean they are working.

Regardless though, I agree that no one should be saving ANYTHING to their desktops. All saved work should be on a server to be backed up.

The PCs are not on a domain. They are literally purchased, turned on, and used. I'm going to change that though. Too many security risks that way.

I'm currently in the process of implementing a backup system for our server (since they didn't have one), and making everyone become active directory users with their own personal profiles saved to a file server just has to happen. It'll be better in the long run for security purposes.

I'm fresh out of college, and they put me in a system admin position (with no system admin superior) to save money. So although this is familiar to me on paper, I have to teach it to myself. This place is a mess, and I have a lot of work ahead of me. I appreciate all the feedback. Thanks!

June 6, 2012 8:10:32 PM

sdweim85 said:
Its not a substitute for a timeclock, we have a timeclock. But just because someone is clocked in and at their desk does not mean they are working.

Regardless though, I agree that no one should be saving ANYTHING to their desktops. All saved work should be on a server to be backed up.

The PCs are not on a domain. They are literally purchased, turned on, and used. I'm going to change that though. Too many security risks that way.

I'm currently in the process of implementing a backup system for our server (since they didn't have one), and making everyone become active directory users with their own personal profiles saved to a file server just has to happen. It'll be better in the long run for security purposes.

I'm fresh out of college, and they put me in a system admin position (with no system admin superior) to save money. So although this is familiar to me on paper, I have to teach it to myself. This place is a mess, and I have a lot of work ahead of me. I appreciate all the feedback. Thanks!


Sounds like you've got a really good handle on things. Good sysops can make a boatload of money for doing very little. Keep doing exactly what you're doing. You really should master the art of the cost-benefit analysis, that'll come in handy later on
June 6, 2012 8:19:45 PM

LOL, being logged into a computer doesn't prove that they are working either....
If they mostly do calls from a hotline, then an aux system would be better to implement.
June 6, 2012 8:26:51 PM

danny2000 said:
LOL, being logged into a computer doesn't prove that they are working either....
If they mostly do calls from a hotline, then an aux system would be better to implement.


Lol, we do production. So measuring if someone is working or not comes down to consistency in hitting the proper numbers. Unfortunately no project is the same, so the more experienced people make estimates on how long something will take, and if the employee is not matching up with that number then they better than a reason as to why.
June 6, 2012 8:31:53 PM

Not related, but my first day they had me configure a Cisco router with DSL for a backup WAN. I thought my mind was going to explode. 2 weeks later after I put it on the back burner I called up Verizon and they said that our DSL line was canceled last year. Love upper management letting me know these things.
June 6, 2012 10:36:43 PM

Haha Best of luck with this, and yes, never assume anything. Management are not always 'accurate'.

A network drive with separate folders and permissions for users to access specific folders seems like the best. As Chainzsaws stated.

The only problem I see is how do you stop employees accidentally or lazily saving it to the local drives and then cause frustration with the next person to use that file/computer. Also will it be able to be accessed from multiple locations/computers, if so how will it affect currently opened copies.

Just my 2c from a brief experience of network drives. I am not a network admin.
June 7, 2012 5:51:52 PM

I can lock the local drives so they can't use them. Also set permissions for where they are saving so only one user can have it open at once.
June 13, 2012 12:39:43 AM

Group Policy, AD, and separate OU's are your best options for a windows only environment. You will need 2-3 servers for what you are looking to do (DC, File Server, Backup/Storage). I would google the type of policies you are looking to do for locking down the PC's.
!