+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 28
General Chat Thread, Network Access - who gets what? in General; Hi. I was wondering what sort of access people at your schools/colleges get. What i mean is, that outside of ...
  1. #1

    Join Date
    Nov 2007
    Posts
    554
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Rep Power
    15

    Network Access - who gets what?

    Hi.
    I was wondering what sort of access people at your schools/colleges get.
    What i mean is, that outside of techies, network admins, ect; who else gets domain admin or even admin access?

    Bits of internal politics happening here, and i think there's a chance that the head of ICT will demand from the head domain admin access 'because he needs it', and also wants me to document down things for him to do if im not here for worst case scenarios. (His old fix when i wasnt here of pulling the power and restarting wont quite work with our new blade based network. )

    Personally, i just want to make him an account with access to things he 'needs' (printer queues, kids work folders, kids internet logs, ect; ) and then nothing else.

    How does it work at your places. Do anyone but IT technical staff have 'full access'. And if so, how do you manage it?

    I am actually seriously considering walking if the head decides that he (Head of ICT) should have domain admin access.

    Thoughts?

  2. #2

    Join Date
    Nov 2006
    Location
    Kendal
    Posts
    1,555
    Thank Post
    112
    Thanked 177 Times in 144 Posts
    Rep Power
    71
    No-one but IT tech. support has admin access here. I don't see why anyone else would need it. Outside that we have the usual staff shares etc which staff can access but not students.

    When the last head of IT came about 7 years ago he asked for it and I politley declined. He wasn't over bothered. I have started to give staff read only access to student folders so they can look for work etc.

    What "admin" tasks does your head of IT want to do?

    I think I'd be pretty miffed if the head made me give admin access to anyone else.

  3. #3

    Join Date
    Nov 2007
    Posts
    554
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Rep Power
    15
    He's justifying it by it being just me there. No helpers.
    So its a 'what if your not here' scenario.

    So he wants training on building workstations, what to do if.
    He says he'll never use it. But last time he had access before i cut him off, he started storing all manor of rubbish on the server, amongst other messes he made.

    I was planning on, as said, a 'power login' to do stuff like student logs and whatnot, some light documentation saying this is how to image a workstation and some stuff about this is what each server does. And that'd be it.
    But i think he wants it more in depth than that. Im reluctant to tbh.

    Especially the domain admin access. Theres no accountability, and as im the only one here, if he messes up, its all on my head.
    How they'd expect me to admin the network when the goal posts keep moving i dont know.
    He's justifying it by 'ive done it in the past successfully'. Yes, on a one server network, not on a network like whats going in over summer.

    The head did back me last time he wanted access, but im not so sure now.

  4. #4
    BaccyNet's Avatar
    Join Date
    Jun 2007
    Location
    Norfolk
    Posts
    309
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    17
    Here it is only IT Support who have Domain Admin rights, staff have local administrator rights over their networked laptop but thats as far as it goes.

    Technically if the head requests administrator access, they should be given it. Not sure about anyone below that (or thats how it was said to me when I first joined, thats not to say I would stick with that idea though )

  5. #5

    Join Date
    Nov 2006
    Location
    Kendal
    Posts
    1,555
    Thank Post
    112
    Thanked 177 Times in 144 Posts
    Rep Power
    71
    Can't say I blame you - yes I can see the point of some kind of power user to reset passwords (ours have a little custom mmc) etc but full admin just isn't justified in my book (and I'm not some BOFH - I really do try to help 'em where possible).

    Is he really going to build workstations etc? Workforce reform says clearly that teachers should not be doing things that aren't teaching and learning. Hell I can't even get ours to amend N's in the register!

    As I said earlier I just can't see a reason why a teacher needs admin access - not because I don't trust them just because I can't see how having it helps them.

  6. #6

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,942
    Thank Post
    1,199
    Thanked 1,069 Times in 760 Posts
    Rep Power
    330
    Just allow him power user access which should allow him access to the things he wants.
    I would also have a quiet word with the headteacher and emphasise the fact that the head of ICT if given domain admin rights would be able to look at everything, including any secure documentation that the Headteacher or anyone else for that matter keeps on the servers.

    Security is a must and you have to stress this to your Headteacher as he/she is legally responsible for the schools data.

  7. #7

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    241
    Just the techs here.

    I have made up some documentation that is pinned on my wall - Server schema's - just details drives and sizes, shares on the server, backup plan, IP's - things like that. Partly so that if anything fails I can always restore with confidence and partly because if I'm not there and something goes wrong.

    What we have done is created 'systemadmin2' with a random password and stored it in a sealed envelope in the school safe. That way if we're off, something goes wrong then the school can call in the County and they have access to a full admin account if they need it. It is there for this purpose only - no one else can open it.

  8. #8
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,352
    Thank Post
    325
    Thanked 107 Times in 96 Posts
    Rep Power
    51
    Only techies here have admin rights, there is two of us though. Could you compromise and put the admin password in a locked safe, so if the unfortunate happened to you, and someone else had to step in they could?? As for day to day stuff, only give him the access he needs not wants!!

  9. #9

    Join Date
    Mar 2007
    Posts
    1,790
    Thank Post
    82
    Thanked 296 Times in 227 Posts
    Rep Power
    87
    i scared mine off by pointing out if anything went wrong then BOTH of the domain admins would get the blame, and i was the one who was properly trained.

  10. #10

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,213
    Thank Post
    372
    Thanked 379 Times in 337 Posts
    Rep Power
    148
    Only ICT Support have administrator privelages.

    The ICT Staff are able to change student passwords.

    No members of staff have access to any student work areas.

    All staff other than the ICT Department have the same privelages and logon as a student. This way I can guarantee when a member of staff tries something before a lesson they are certain that it will work for students when the lesson takes place. This is the same for internet filtering also all staff and students have the same access.

  11. #11

    Join Date
    Nov 2007
    Posts
    554
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Rep Power
    15
    Quote Originally Posted by joe90bass View Post
    Could you compromise and put the admin password in a locked safe, so if the unfortunate happened to you, and someone else had to step in they could??
    Thats how it is now.
    Im hoping he'll be happy with the power user thing.

    He wants:
    1 - Access to backups
    2 - Create new users.
    3 - Move users in/out of the internet ban OU.
    4 - Access to internet logs for the kids.
    5 - Delete/manage printer queues.
    6 - Access to kids work
    7 - Access to internet filters

    Now num1 is a non issue as we have shadow copies and he knows how to use it. 2 & 3 can be done by delegating in AD. 4 should be possible as i can have the staffs internet go through the ISA and the kids through the VLE.
    5 is simply an issue of giving him the printer security rights.
    6 i can map a shared drive or two.
    & 7 is similar to 4 as he can do that how it is with the VLE.

    Quote Originally Posted by jcollings View Post
    Is he really going to build workstations etc? Workforce reform says clearly that teachers should not be doing things that aren't teaching and learning. Hell I can't even get ours to amend N's in the register!
    Is that info online anywhere?

    Quote Originally Posted by bossman View Post
    Just allow him power user access which should allow him access to the things he wants.
    I would also have a quiet word with the headteacher and emphasise the fact that the head of ICT if given domain admin rights would be able to look at everything, including any secure documentation that the Headteacher or anyone else for that matter keeps on the servers.

    Security is a must and you have to stress this to your Headteacher as he/she is legally responsible for the schools data.
    Ive been accused of being too security centric, even though i havnt done anything to limit what they can do. Merely lock out what they dont need.


    The way i see it:
    - No accountability with him having the access.
    - Problems are on my head if he messes up.
    - Its not good practice to do so.
    - It makes my job harder as he could change things by accident.
    - Data security, such as admin staff work, containing financial records, would be able to be accessed by him too.
    -

  12. #12
    Busybub's Avatar
    Join Date
    Feb 2007
    Posts
    384
    Thank Post
    44
    Thanked 39 Times in 37 Posts
    Rep Power
    22
    Been where you might be heading and would never want to go there again, I'd quit before it happens again. Had no end of grief getting anything done because of the constant conflicts I would come up against because the ICT teacher decided something was more convenient for him even if it screwed things up for everybody else.

    Best one was his home folder that become so big that the backups failed due to lack of space (he was single handedly storing 44gb of crap, twice as much as the other 200 users combined). Had to take his files out of the backups so that the others would fit because he refused to delete anything, and he refused to cough up for additional storage... you can guess what happened and who got a bollocking for it.

    The irony is that he spent 1500 quid on software he never used whilst an extra hard drive would have cost £50 and would have saved his ass!

    Don't compromise, it's not worth the grief you end up with!

  13. #13

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    241
    Is this guy new? If not, where did all this come from? Why is he shouting now?

  14. #14

    Join Date
    Mar 2007
    Posts
    1,790
    Thank Post
    82
    Thanked 296 Times in 227 Posts
    Rep Power
    87
    Quote Originally Posted by boomam View Post
    Ive been accused of being too security centric, -
    one mans security is another mans inconvenience. you need to take this matter to the manager who oversee's you both, your job is to run the network, this fella wants you to comprimise what you do to make his job easier. You need to find out what your manager thinks and ask him how you should do your job in light of this bloke making demands.

  15. #15

    Join Date
    Nov 2006
    Location
    Kendal
    Posts
    1,555
    Thank Post
    112
    Thanked 177 Times in 144 Posts
    Rep Power
    71
    Quote Originally Posted by boomam View Post

    Is that info online anywhere?
    -
    Teachernet, Key steps


    This lists the tasks that should not be routinely undertaken. Half way down is this:

    #
    ICT trouble shooting and minor repairs
    #
    Commissioning new ICT equipment

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Network drive access from home
    By marvin in forum Windows
    Replies: 8
    Last Post: 21st January 2008, 01:19 PM
  2. Moodle + Access network Shares
    By darknova in forum Virtual Learning Platforms
    Replies: 4
    Last Post: 28th November 2007, 03:55 PM
  3. Network Access Control Solutions
    By Simcfc73 in forum Network and Classroom Management
    Replies: 5
    Last Post: 23rd October 2007, 01:37 PM
  4. MySQL Network access
    By _Bob_ in forum *nix
    Replies: 5
    Last Post: 6th April 2006, 01:30 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •