I have a vendor stating that they won't support the Microsoft Server 2008 R2 Terminal Server they are installing unless all users log in using the same username and password. They claim this is to make things easier for the end users.
Server is standalone and runs both the application (EMR) and the backend database (MySQL). Each of our offices will get one of these servers. My concerns are 1) security and 2) possible issues with all users using the same user account. Security is an issue as we fall under HIPAA and the DB and all stored documents, which contain PHI, are stored on the TS unencrypted and without any ACLs limiting access from the generic user account. Vendor says that the DB requires a password to log in, so this setup is secure.
I have always required users to have their own accounts when using an RDP, Citrix, etc. server or server farm, so I don't have any real-world experience with a setup like this. Wondering what everyone thinks about this type of setup.