Re: Self Provisioned AD Domain Guest Accounts

["Schumacher, Adam J." <adamschumacher () CREIGHTON EDU>]

We require guests who need an account in AD to be sponsored by a staff or faculty member.  There is a web application 
where the sponsor can log in and enter information about the guest.  The guest account is then automatically 
provisioned and then de-provisioned after a set amount of time.

::Adam

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jim Pardonek
> Sent: Tuesday, July 24, 2012 11:07
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Self Provisioned AD Domain Guest Accounts
>
> Good Morning,
>
> We have a need to be able to provide a guest presenter with temporary
> credentials that would allow them to log in to a classroom podium PC that is
> on AD. (so the whole CTRL ALT DEL, username and password thing).  The
> problem I am trying to solve is that there is virtually zero support staff
> available at times to hand the guest the id and password.  Does anyone know
> of or has implemented an automated way (Kiosk?) to be able to have the
> guest provide something they know to an application and have that app send
> them the ID and password?  Because of the risks of not knowing who the
> user might be, we are not willing to have the PC autologon.
>
> Thanks,
>
> Jim
>
>
> James Pardonek, CISSP, CEH
> Information Security Officer
> Loyola University Chicago
> 1032 W. Sheridan Road | Chicago, IL  60660
>
> (: (773) 508-6086