However, it may not be such a problem in practice, since the focus of this solution is end users with laptops rather than servers, and remote login to a laptop is not common.This is still ultimately going to end up on a server though, isn't it. And you _should_ be making users log into their own account and then elevate privileges so that you have an audit trail.
Not only that, but I do often remotely log into people's laptops from a user account that should NOT be running. Where I do maintenance etc work for various family and friends, I keep a way to go in via SSH. Also I have my own machine often at home where it may be on but me logged out (or where it's off but I ask someone else to turn it on). I have auto-login disabled where others can readily get physical access, but pottything seems to think that "for security", in order to maintain my 'workflow', I need to have the system automatically log me in?
(El reg - where the hell is our "despairing for humanity" icon?????? I suggest a picture of pottything itself would suffice!)