Kaleb, I have been considering those very suggestions. I'm trying to find out if the ILL file location is the ONLY issue with separate accounts, and I agree that if it is, a shortcut or symlink should be an acceptable solution. It's not entirely up to me, but I'll certainly argue for it. ☺ Thanks, Erich On Thursday, December 14, 2023 at 11:20, Sove67 eloquently inscribed: > Hi Elrich, > > Can't say I have any wisdom on securing shared workstations, but that might > not be the path of least resistance here? > > If the ONLY issue with seperate accounts is saving in a specified location, > there are a two ways I can think of to automate that. > > The easy: Create a shortcut to the correct saving location inside the > default saving location. Users will need to double click each time the save > system kicks them back to the default (which sounds like once-per-session) > > The advanced: Create a symlink ( > https://www.howtogeek.com/16226/complete-guide-to-symbolic-links- > symlinks-on-windows-or-linux/) for each user, between the default > prompted save location, and the desired save location. This way, any > files placed in either place should show up in both places. Think of it > like knocking down a wall between two storage rooms. > > Of course, if there are other reasons your library needs this generic > login, this won't address them. > > Best of luck with your setup! > - Kaleb A (Langara LIT Student) > > On Thu., Dec. 14, 2023, 6:36 a.m. Hammer, Erich F, <[log in to unmask]> > wrote: > >> All, >> >> First, I apologize because this is much more of an IT question than a >> coding question, but I come from an IT/desktop support background with a >> particular interest in security. >> >> How are larger, academic libraries securing your employee-used, shared >> workstations -- specifically, the circulation desk machines and the >> back-end, ILL scanning stations? I have been trying mightily for a few >> years to eliminate the shared-password generic accounts because they >> present a real security/privacy concern. I am running into some real >> road-blocks though, and I'm wondering if anyone here has found solutions >> that work. >> >> Having viewed the chaotic state of the circulation desk with the constant >> churn of employees using the stations, I have conceded that it is better to >> use a generic login than to have folks log in/out constantly. >> >> The ILL employees who do a lot of scanning don't have the rapid-fire >> turnover at their workstations, but they (or their manager) is >> insisting on a generic login because the scans need to be saved in a >> specific, network location and Acrobat has no mechanism to set the >> default save location for all users. (I hate Adobe!) When we have >> tried using personal logins, folks forget, don't notice, or don't know >> about watching that the PDFs are saved in the proper location, and >> those scans have to be redone by someone else or are inaccessible >> within the particular employee's private user profile until they return >> to work (which could be days-weeks with student employees). >> >> In both cases, users still need to sign into services as themselves >> (the LSP -- Alma --, scheduling, wiki documentation, ILLiad, etc.), so >> I'm not really sure what the security advantages are with the generic >> account (especially for ILL scanning). I've had to push settings to >> prevent the browsers (Edge, Chrome and FireFox) from saving passwords. >> I also have automated scripts running to regularly blow away the MS >> Teams configuration to prevent users from using it as someone else. >> (Teams "helpfully" remembers credentials for one-click login even after >> logging out of it and rebooting.) I have not been able to find a way >> to do the same with MS Office, so I have been forced to uninstall it >> completely. Otherwise, everyone who uses it while logged onto the >> computer with the generic account is signed into/owns all the M365 >> documents as the user who first used it (and had to sign into M365). >> >> The lack of Microsoft Office is the particular issue that I'm being >> pressed on to prompt me to post this. I should add that I can't use device >> licenses for M365 (where login/registration isn't required) because they >> only work with Azure Active Directory which we do not have. What are you >> all doing? I've been considering trying to set circ desk systems up as >> mulit-app, auto-login kiosks so at least we don't need to share the generic >> password, but the other problems still remain. >> >> Any feedback is appreciated. >> >> Thanks, >> Erich >> >> >> >> -- >> Erich Hammer Head of Library Systems >> [log in to unmask] University Libraries >> 518-442-3891 University @ Albany >> >> "Faith is the unflagging determination to remain ignorant >> in the face of any and all evidence that you're ignorant." >> -- Shaun Mason