I'm currently working in an organization where everyone uses a shared Active Directory (AD) login for their computers. I need to get everyone switched over to their own logins, but I've encountered a challenge with a handful of remote users who only access the network via VPN and never come into the office. While I could guide each user individually to log into the correct profile, that process could take a long time.
I'm looking for a more efficient solution since all these individuals already have their own AD accounts with known passwords, and I don't want to reset their credentials. I have access to a remote monitoring and management (RMM) tool, so I'm wondering if there's a way to cache AD credentials on their devices without requiring their login information.
Profile migrations aren't an issue, my main goal is to eliminate the use of the shared login without needing users to come into the office. Attempting to have them connect to the VPN with the shared account and then switch accounts hasn't worked because they have difficulty following the instructions to log in as another user. If the solution isn't straightforward, it won't be viable for implementation.
2 Answers
You might not have a dozen users, but it shouldn’t take ages to get them off the shared login, even if you have to do it one by one. If you plan ahead, you could get this done in a week or two without interfering too much with their work.
Have you considered migrating to Azure with hybrid setup and MFA? It could save you some hassle in the long run. Your users will have to adjust to some changes nonetheless, so combining these changes might be worth it.
We're not set up for Intune licensing, so a hybrid approach isn't feasible right now. The company needs to remain on local Active Directory for certain resources. Transitioning to Azure is on the agenda for the future, but we can’t wait to stop using shared logins.
Actually, it’s a couple dozen users, not just a dozen. Plus, management wants this completed all at once for some reasons I can’t disclose here.