Example scenarios: Windows MultiPoint Server 2012 user accounts
What do you need to do to implement the user account scenario that you chose for your Windows MultiPoint Server 2012 environment? The following tables describe each task to perform to configure user accounts and prepare stations for shared or individual user accounts on a stand-alone MultiPoint Server computer or on networked servers in a workgroup or an Active Directory domain. Choose the scenario that applies to your environment. Then follow the links in the table to complete each required configuration task.
 Note
If you have not yet decided how to set up your user accounts, see Plan user accounts for your Windows MultiPoint Server 2012 environment for more information about how each choice affects users.
Single MultiPoint Server computer in a stand-alone environment (no network)
My users do not need to log on. The stations can be available to anyone who walks up to them. They do not need an individual Windows desktop experience that includes private folders for storing data or personalized desktops.
|
1. Create a single local user account (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
2. Allow one account to have multiple sessions
3. Configure stations for automatic logon
|
My users can all share the same user logon. They do not need an individual Windows desktop experience that includes private folders for storing data or personalized desktops.
|
1. Create a single local user account (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
2. Allow one account to have multiple sessions
|
My users must have their own individual Windows desktop experience.
|
Create a local user account for each user (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
|
Multiple MultiPoint Server computers on a network, but with no domain
My users do not need to log on. The stations can be available to anyone who walks up to them. They do not need an individual Windows desktop experience that includes private folders for storing data or personalized desktops.
|
1. Create a single local user account on each server. (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
2. Allow one account to have multiple sessions on each server
3. Configure stations for automatic logon on each server
|
My users can all share the same user logon. They do not need an individual Windows desktop experience that includes private folders for storing data or personalized desktops.
|
1. Create a single local user account on each server. (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
2. Allow one account to have multiple sessions on each server.
|
My users must have their own individual Windows desktop experience.
Option A - My users will always use local stations connected to the same MultiPoint Server computer.
Option B - My users will use local stations on more than one MultiPoint Server computer.
Option C - My users will use remote clients on the LAN.
|
Option A - Create a single local user account on each server for the users of that server. (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
Option B - Create local user accounts for every user on every server. Note: This means that each user will have a profile on each server. In other words, if they save a file in My Documents while logged onto Server A’s station, they will not see the file when logging onto Server B’s station. (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
Option C - Assign each user to a specific MultiPoint Server computer. Create local user accounts for the assigned users on each server. (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
|
My users do not need to log on. The stations can be available to anyone who walks up to them. They do not need an individual Windows desktop experience that includes private folders for storing data or personalized desktops.
|
1. Create a domain account to log onto the servers.
2. Allow one account to have multiple sessions on each server.
3. Configure stations for automatic logon on each server.
|
My users can all share the same user logon. They do not need an individual Windows desktop experience that includes private folders for storing data or personalized desktops.
|
1. Create a domain account for a group or for each user.
2. Allow one account to have multiple sessions on each server.
|
My users must have their own individual Windows desktop experience.
Option A - Any user with a domain account can use the MultiPoint Server computer.
Option B - I want to limit which domain accounts can access the server.
|
Option A - No setup is required. By default, all domain users have access to any MultiPoint Server computer on the network.
Option B - Limit the access of domain user accounts to the MultiPoint Server computer. For instructions, see [LINK TK].
|
I want to use local user accounts and manage them separately from my domain accounts. For example, you want someone to manage the MultiPoint server but not the domain or you do not want to give domain accounts to all MultiPoint Server users.
|
Create one or more local user accounts on each server. (For instructions, see Create local user accounts in Windows MultiPoint Server 2012.)
Note: This means that each user account will have a profile on each server. In other words, if they save a file in My Documents while logged onto Server A’s station, they will not see the file when logging onto Server B’s station.
|
Create local user accounts in Windows MultiPoint Server 2012
Three levels of local user accounts can be created in Windows MultiPoint Server 2012: Standard User accounts; MultiPoint Dashboard users, who have limited administrative rights; and full Administrative User accounts.
Use the following procedure to create a local user account on a MultiPoint Server computer. If your environment includes multiple MultiPoint Server computers, and you want the user to be able to log on to any station on any server, you need to create a local user account on each of your servers. That setup has some limitations. In a domain environment, you can also let users use their domain accounts. For an overview of your options, see Plan user accounts for your Windows MultiPoint Server 2012 environment.
 To create a local user account in Windows MultiPoint Server 2012
1. Log on to the server as an administrator, and open MultiPoint Manager.
2. Click the Users tab, and then click Add user account.
The Add User Account Wizard opens.
3. Enter an account name and password for the new user account, and then click Next.
4. Select the type of user account that you want to create:
Standard User - Can log on to a station and perform user tasks, but has no access to MultiPoint Manager or the MultiPoint Server Dashboard, and cannot shut down the system.
MultiPoint Dashboard User - Has limited administrative rights. A Dashboard user can open the Dashboard and perform tasks such as logging users off the system or shutting down the MultiPoint Server computer, but the user does not have access to MultiPoint Manager.
Administrative User Has full administrative rights in MultiPoint Server. For example, an administrative user can run MultiPoint Manager, add and delete users, modify system settings, and update drivers.
5. Click Next, and then click Finish to create the user account.
| Limit users' access to the server in MultiPoint Server 2012
Whether you join the MultiPoint Server computer to an Active Directory domain or you use local user accounts, all users have access to MultiPoint Server by default. Before you allow users to log on to stations in your MultiPoint Server environment, you should restrict access to the server.
Any user in the Remote Desktop Users group can log on to MultiPoint Server. By default, the user group Everyone is a member of the Remote Desktop Users group, and therefore every local user and domain user can log on to the MultiPoint Server. To restrict access to MultiPoint Server, remove the Everyone user group from the Remote Desktop Users group, and then add specific users or groups to the Remote Desktop Users group.
To add or remove users or groups from the Remote Desktop Users group
1. From the Start screen, open Computer Management.
2. In the console tree, under Local Users and Groups, click Groups.
3. Double click Remote Desktop Users, and follow the instructions to add or remove users.
To restrict general access to the server, remove the Everyone group.
To give your MultiPoint Server users access to stations, add each local account or each domain user or group account to the Remote Desktop Users group.
| Configure stations for automatic logon
If you want your stations to be available to anyone – and your users do not need private folders to store their personal data or personalized desktops – you can configure the stations for automatic logon. Auto-logon automatically logs on a user account that has been specified in the auto-logon settings when the MultiPoint Server starts.
To configure a station for automatic log-on
1. From the Start screen, open MultiPoint Manager.
2. Click the Stations tab, and then click the name of the station that you want to configure for auto-logon.
3. In the right pane, click Configure auto-logon.
The Configure Auto-Logon page opens.
4. Select the Auto-logon using the following information check box, and then enter the user account and password to use for auto-logon. Click OK.
Note
The user account that you use for auto-logon must have a password.
|
Note
To temporarily log on to a station that is set up for automatic logon with a different user account, hover over the top right corner of the screen to display a vertical menu, click the Settings charm, click the Power icon, and then hold the SHIFT key and click Disconnect. Hold down the SHIFT key until a logon prompt appears.
Allow one account to have multiple sessions
To enable a group of users use a shared account on multiple stations at the same time, configure the Windows MultiPoint Server 2012 computer to allow one account to be logged on to multiple stations simultaneously. By default, if a user logs on to a second station with a shared user account, the user account is logged off the first station.
To configure the server to allow multiple session per account
1. From the Start screen, open MultiPoint Manager.
2. Click the Home tab.
3. In the Computer column, click the name of the MultiPoint Server computer, and then, in the right pane, click Edit server settings.
4. Select the Allow one account to have multiple sessions check box, and then click OK.
|
|
