On Ubuntu I can set up a server to only allow a group of users to log in and allow that group to su and control e.g. a webserver user. Is there a way for me to replicate that flow with Windows, LDAP and remote desktop?
My goal is to have my group of users use their own username and password when RDP-ing instead of knowing that machine's username and password, but allowing them to see and manage one desktop. I guess a VNC-like solution with LDAP authentication would work. Though I'm wondering if Windows has support out of the box in Windows 8 or 2012.
To clarify - I don't want the users logging in to have their own desktop on that machine. And I don't want a shared user whose password everyone knows. I.e. the shared user would preferably be password-less, or at least the shared user's password wouldn't be needed to impersonate it.
RDP doesn't work like that. It's not just a screen capture of the console (or a session), like VNC would do. Why would multiple users need to see the same desktop anyway? What advantage do you feel that gives you? – Ƭᴇcʜιᴇ007 – 2014-08-26T17:48:25.637
"see and manage one desktop" at the same time? Or are you basically wanting to set up aliases for a user? – Jason – 2014-08-26T17:54:02.143
The advantage is the shared user could have a long running UI process that many people can interact with from time to time (i.e. not at the same time). – ubershmekel – 2014-08-26T18:05:11.680
@ubershmekel as long as they don't have to be on at the same time, create a new user for that long-running UI process, log in as the new user, and launch the process. From there, anyone with the new user's password can log in and view the status as long as it's only one person at a time. – Darth Android – 2014-08-26T19:07:07.403
@DarthAndroid - knowledge of a password is what I'm trying to avoid. E.g. would you change passwords for every shared user every time a person leaves the team? The idea is to revoke the not-shared user's privileges instead. – ubershmekel – 2014-08-26T23:13:11.550
@ubershmekel That indeed is the problem with this solution. You would need to find a VNC w/ LDAP solution in that case. Out of the box, Windows applications must run as a specific user, and Windows will only allow them to be accessed by that user while they are running. – Darth Android – 2014-08-27T06:57:32.300