General discussion

Locked

Multi User XP on laptop

By Mozster ·
We are in the process of deploying XP and doing the "pool" laptops which staff can book out and borrow to take out of the office so there is no network connection.

Whats the best approach to this? Because the laptop will be borrowed by many users should there just be one local user account that everyone knows the password to so they can use it outwith the office? All its used for on the road is presentations so no one would need profiles for mail accounts etc.
Anyone have any other approaches?

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by HAL 9000 Moderator In reply to Multi User XP on laptop

If that's all that they are going to be used for you could establish a Limited User Account with the same password if required on every LT and just let it go at that. You may not even need a password depending on what it is that is being presented.

When you are looking at units for this type of application you should consider them as Disposable and never place anything on tham that is sensitive. LT's do get stolen quite often and unless you have IBM T40 series LT's passwords are useless as any form of protection to the professional Thief.

The T40 Series of IBM Think Pads is a different story completely though.

Col

Collapse -

by Mozster In reply to

Poster rated this answer.

Collapse -

by Mozster In reply to Multi User XP on laptop

So just setup a local user account called "user" with no password then?
I've implemented a BIOS password which is better than nothing as well I guess.

Collapse -

by ippirate In reply to Multi User XP on laptop

Not to stomp on HAL's answer, just some addtional things you may want to consider.

Utilizing EFS on the box rather than the BIOS password or investing in special equipment.

To add to HAL's direct suggestion I would recommend doing a couple of extras if you are really concerned about data protection.

First, set the machine to the classic logon screen.

Second, disable last used logon display.

Third, change the name of your admin account to avoid brute-forcing, better, disable it and create a new one all together.

Finally, be sure to introduce a recovery and cleanup procedure to ensure that any information left behind by a user is cleaned prior to re-fielding.

One other point, you may want to consider a password change with each return. This will keep your users from just walking in and walking out with it.

Collapse -

by Mozster In reply to

Poster rated this answer.

Collapse -

by zlitocook In reply to Multi User XP on laptop

Both points are great but if the user is using company data or needs to access company information. The laptop needs VPN, and secure access software like Cisco to get into the company's network. A laptop should never have any company information or saved information. If all they need is a Power Point or a Excel file thats ok but they need to log into the laptop while it's on the network to let the server know the user for the laptop and give access to the VPN server.
Also create a laptop or device log out check out sheet for them to sign out on. You can never be to secure.
Also after it comes back it needs to go into a secure AD site so it can be scaned for virus and malware.

Collapse -

by Mozster In reply to

Poster rated this answer.

Collapse -

by CorporateLackie In reply to Multi User XP on laptop

I would also consider capturing a image(s) of the machines and re-image them everytime they are turned in (Symantec Ghost or similar) - once setup this should not be too labor intensive (a single bootable DVD rom should hold the image unless you have lots of special s/w to load)in that way you let every person that checks it out start fresh without fear of spyware, corruption, new user seeing data from last user's mission .....etc

Jim

Collapse -

by Mozster In reply to

Poster rated this answer.

Collapse -

by eblank In reply to Multi User XP on laptop

I think that a single Sign-in would be ok with the following conditions:
I would keep these machines entirely away from the CO's network (Stand alone machines), and have the users load and work from a secure USB drives (ones that have encryption on them with _strong_ passwords). Keep the installation as simple as possible, with the bare minimum of installed programs.
I like the idea of using a VPN solution if the users need access to company files while on the road, but this still opens up back doors to the company LAN should the LT be stolen. If users simply need toaccess their company e-mail while on the road, a web based client might be better (i.e. Outlook Web Access, or even a corporate Yahoo account)
I also second the opinion that a good disk image wil help keep the machiens clean for the next user to get going. With the newer versions of Ghost and similar programs, the systems could be re-imaged everytime they are returned. Again, The use of a USB drive here for the Disk Image (1-4 gig drives) may help to speed the process.

Has anyone here tried booting an OS from a USB pen drive yet? Might be yet another way to go to help secure a LT.

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums