[ninkendo]

> Primarily authentication, authorization, and accounting[0]. Setting up a new user account on every single computer that an employee may at some point sit at gets very expensive

Why are people using more than one machine?

> Many businesses (if not immediately then eventually) have security concerns that require Administrators have the ability to immediately lock users out of the system or be able to audit recent activity.

Why are the network services tied to login sessions on my machine? I mean, login token invalidation is an interesting problem in general, but every place I’ve worked in the past 10 years, my desktop is not the place where secure things are stored, the services I access are. (And those services are increasingly SaaS and use something like SAML with the directory server for the company.) None of which needs a login token associated in any way with my desktop login.

Perhaps a better phrasing of the question is, why is the demarcation line between the untrusted world and the things you’re protecting on the desktop? And not at the services themselves?

> It can also automate standard settings like network drives, screen lockout settings, homepages, and all sorts of other settings.

Sounds like a bunch of solutions to problems you’re creating for yourselves. Why even do any of these things?

Perhaps an analogy would be helpful:

Say you required all your employees to have smart phones so they could (for instance) get email, log into the timecard/accounting service, etc. You’d need a pretty huge justification to require all of the phones to be managed centrally by your company. Why are desktops different?

(Or perhaps you’d defend even the central management of my iPhone too, in which case I think our perspectives are so far off, I don’t think there’s much convincing either of us can do at this point.)

I used to be an AD administrator for a university and had to manage hundreds of lab machines (maintaining a central hardware-independent image, group policy, tons of settings), so I’m aware of what tools are available for Administration, I’m just saying 9 times out of 10, the best way to administer lots of systems is to not administer them at all.

[kyriakos]

> Why are people using more than one machine?

Ever been in a meeting room? Most companies have shared PCs for meeting rooms. Logging in gives you access to your documents so you can hold your meeting and take your notes back to your workstation.

I'm really surprised you worked in a large business and haven't experienced any of this or the need for standardisation. We use a bunch of systems that all work with AD, it's really a solved problem in a Windows based environment.

[Silhouette]

Most companies have shared PCs for meeting rooms.

Are you sure that's not overgeneralising from your own experience? After all, most companies don't even have dedicated meeting rooms, because they aren't big enough. Of the ones that do, I have rarely seen a dedicated PC in there, and that spans the full range of businesses from five guys in a single office through 200+ person medium enterprises right up to some of the largest companies in the world. Most people just take their own laptops, IME. So while I don't doubt that you may have come across this often, it's not necessarily the way everyone else does it.

In any case, basic AAA for organisational user IDs is hardly rocket science, whether you're running on Windows or Linux.

[kyriakos]

The OP mentioned working in one of the largest companies in the world I find it hard to believe they have no conference and meeting rooms. I think you are over-generalizing using startups as a prototype; the enterprise world is a different beast.

[Silhouette]

As I wrote before, I've also worked in some of the largest companies in the world. Obviously those do have meeting rooms in their offices, but IME people typically just bring their own laptops/devices to a meeting. I can't remember the last time I saw a dedicated PC that stayed in a meeting room, other than maybe ones used to run projectors and such in a conference centre that was hired out.

[samdixon]

Man you're practically one step away from saying "Why even have a business? It just creates more problems."

edit: I mean are you really asking why not have network shares or screen saver timeouts for your environment? It's a bit hard to take you seriously saying things like that.