I have a vendor stating that they won't support the Microsoft Windows Server 2008 R2 Terminal Server they are installing unless all users log in using the same username and password. They claim this is to make things easier for the end users.
Server is standalone and runs both the application (EMR) and the backend database (MySQL). Each of our offices will get one of these servers. My concerns are 1) security and 2) possible issues with all users using the same user account. Security is an issue as we fall under HIPAA, and the DB and all stored documents, which contain PHI, are stored on the TS unencrypted and without any ACLs limiting access from the generic user account. Vendor says that the DB requires a password to log in, so this setup is secure.
I have always required users to have their own accounts when using an RDP, Citrix, etc. server or server farm, so I don't have any real-world experience with a setup like this. Wondering what everyone thinks about this type of setup.
If the files are stored at the filesystem level without user-based encryption and with no ACLs, then yes, run away. If ALL data were stored within the database then I would feel slightly less hesitant, but even still, any vendor that says it's OK (especially when HIPAA is in the mix) to use shared IDs is suspect in my book. If you join the machine to a domain then there is nothing confusing from the end user's standpoint about using their own individual ID. Rather, it would be more confusing for them to have the additional shared ID.
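The answer above turns on one fact you can verify yourself before the vendor finishes the install: does the generic logon account (directly, or through Everyone/Users/Authenticated Users) have NTFS access to the directories holding the documents and the MySQL data files, and is anything there EFS-encrypted? The following PowerShell is an added example, not code from the thread or the vendor; the account name EMRUSER and the two data paths are placeholders you would replace with the real ones. It runs on the Windows PowerShell shipped with Server 2008 R2.

```powershell
# Added example (not from the thread): check whether a shared logon account can reach
# the PHI data on disk. The account name and the data paths are assumptions (placeholders).
$SharedAccount = "$env:COMPUTERNAME\EMRUSER"                   # assumed vendor-created local account
$DataPaths     = @('C:\EMR\Documents', 'C:\EMR\MySQL\data')     # assumed locations of documents and DB files

# Identities that effectively grant the shared account access: the account itself, plus the
# broad groups every interactive user on a Terminal Server is a member of.
$Broad = @($SharedAccount,
           'Everyone',
           'BUILTIN\Users',
           'NT AUTHORITY\Authenticated Users',
           'NT AUTHORITY\INTERACTIVE')

foreach ($path in $DataPaths) {
    if (-not (Test-Path $path)) { Write-Warning "Missing: $path"; continue }

    $acl = Get-Acl -Path $path
    Write-Host "`n== $path  (owner: $($acl.Owner))"

    # Any Allow ACE for one of the broad identities means the shared logon can read it.
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        if ($Broad -contains $who) {
            $flag = if ($ace.AccessControlType -eq 'Allow') { 'EXPOSED' } else { 'denied' }
            "{0,-8} {1,-40} {2}" -f $flag, $who, $ace.FileSystemRights
        }
    }

    # EFS status. An Encrypted attribute means only the encrypting account can read the
    # file; under a single shared logon that distinction is meaningless anyway.
    $files = Get-ChildItem -Path $path -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
    $enc   = @($files | Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }).Count
    "{0} files, {1} EFS-encrypted" -f @($files).Count, $enc
}
```

Run it elevated so Get-Acl can read every directory. If the output shows an EXPOSED line for the shared account or for Everyone/Users on either path and a zero count of encrypted files, the situation described in the question (PHI readable by anyone who knows the one shared password) is confirmed on disk, independent of whatever password MySQL itself requires.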
Agreed, with profile sharing comes a whole host of issues - not the least of which is the inability to have good accountability (or even ANY accountability) for exactly who did exactly what and exactly when it happened. Find another vendor - one that adheres to basic security principles. Try to find someone with a SAS 70 Type II certification if possible. I'll guarantee those organizations won't allow profile sharing. Thanks for asking before jumping into this one and regretting it later.
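To see concretely what "no accountability" means, look at the only record the server keeps of who connected: the Security log's logon events. The script below is an added example, not part of the thread; it pulls the RDP logons (event 4624, logon type 10) from the last day and groups them by account. With individual accounts you get one row per person; with a shared account every session collapses into one row and the only thing left to tell them apart is the source address, which identifies a workstation, not a person. It assumes the default audit policy, which records successful logons, and needs to run elevated.

```powershell
# Added example (not from the thread): list RDP logons from the Security log so the
# audit trail a shared account leaves can be compared with that of individual accounts.
# Assumes success auditing for Logon/Logoff is on (the default) and an elevated shell.
$Since  = (Get-Date).AddDays(-1)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $Since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read the event's named fields from its XML rather than by positional index,
    # so the script does not depend on the field layout of one Windows version.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    if ($d['LogonType'] -eq '10') {      # 10 = RemoteInteractive (RDP / Terminal Services)
        New-Object PSObject -Property @{
            Time        = $e.TimeCreated
            Account     = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
            Workstation = $d['WorkstationName']
            SourceIP    = $d['IpAddress']
        }
    }
}

# Summary: sessions per account and how many distinct sources used that account.
# One account with many distinct sources is the shared-logon signature.
$rows | Group-Object Account | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'DistinctSources'; e = { @($_.Group | Select-Object -ExpandProperty SourceIP -Unique).Count } } |
    Format-Table -AutoSize

# Per-session detail: the most you can do with a shared account is narrow an action
# to a time window and a source address, never to a named user.
$rows | Sort-Object Time | Format-Table Time, Account, Workstation, SourceIP -AutoSize
```

If the EMR or MySQL keeps its own audit table, it will show the same single application user, so the application log cannot fill the gap either; the only identity it ever sees is the one shared logon.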
Concur. This is a disaster waiting to happen. If they are this lackadaisical with something you can see (requiring shared logins), what on earth are they doing that you can't see?