General Chat Thread, IT Teachers and Computer rights in General; Hey guys, I'm a Network Manager at a fairly small special school in Durham, we only have about 65 machines. ...
21st July 2009, 03:13 PM #1
- Rep Power
IT Teachers and Computer rights
Hey guys, I'm a Network Manager at a fairly small special school in Durham, we only have about 65 machines. The head give me strict instructions last night to change all our administration passwords and change the IT teacher from an Adminstrator back to a normal staff user due to a few complains he has had against this particular teacher. When the head explained the situation to the teacher he has kicked up a massive fuss and send numerous letters to both the school governors and his union.
He also mentioned that if we were a main stream school we would require 2 administrators is this true?
so i was just wondering, Do the IT teachers in your school have admin rights? and also how many administrators do you have in your school?
21st July 2009, 03:15 PM #2
You should have 2 administrative accounts as a standard practice incase you are off ill, and it should be assigned to either the Head of IT or your next in line, whichever is appropriate in your case. I have 2 accounts, one of which is mine, the other is my bosses.
But in the grand scheme of things, I am the only one who does the administering!
21st July 2009, 03:16 PM #3
IT Teachers are not part of the administration setup, they are teachers so there is no reason/need for them to have Admin rights.
They do not control the network, they teach the curriculum, so like any other teacher they should have a teacher account.
If you were not there then I would say fair enough, but as you are the network manager and responsible for the network you shouldn't grant them permissions on the basis that if he cocks things up, it's on you.
21st July 2009, 03:22 PM #4
IT teachers have the same restricted rights as other teachers.
What you could do is have your 2 admin accounts but disable one which could be enabled by the HT in the case of your absence. All he needs is an mmc - right click - enable and possibly change the password. You then disable it on your return.
Just a thought
21st July 2009, 03:23 PM #5
I've come to the conclusion there are some (a minority) of ICT teachers who are control freaks when it comes to permissions/access rights and they haven't a clue what they're doing but they want access anyway?
I usually take the approach and say you have one account for teaching (just like other teachers) and an admin account in the event a particular task requiring admin rights is needed. The majority have agreed with my justification and reasoning but a few ICT teachers unfortunately do not "get it".
21st July 2009, 03:30 PM #6
You do not need two accounts but you do need a note of the admin account in a fireproof safe.
21st July 2009, 03:32 PM #7
I'm in a small school aswell and i have the only administrator account my ICT coordinator wanted admin access but i flat out refused as he has no need for admin access and would only mess things up. I have the account name and password written down in an envelope in the safe that is only to be oped in the event of my death
21st July 2009, 03:34 PM #8
IT Teachers should NEVER be administrators (apart from in a very small school where the Network Manager and IT Teacher are the same person, very rare these days). If there are not two IT professionals in the school, have a second administrator account given to the Head in a sealed envelope for use in an emergency.
He can scream to his Union/Govs if he wants, but he'll get short shrift, and that's before you even get started on the Data Protection aspects of a classroom teacher having unbridled access to everything!
21st July 2009, 03:39 PM #9
We have a couple of admins plus account details in the fireproof safe with other details and keys incase a freak accident takes teh whole IT Dept out & an external contractor needs to come in.
21st July 2009, 03:45 PM #10
If one account gets currupted how do you fix it?
Originally Posted by russdev
21st July 2009, 03:51 PM #11
We have a total of 3 admin accounts - myself, my manager (bursar) and the normal domain admin account. The domain admin password is also kept in the fireproof safe.
No teachers, be they IT teacher or the head teacher have an admin account.
There are many reasons that they shouldn't have those privileges such as the Data Protection Act, the fact that the more people who have such accounts, the more likely a password falls into the hands of someone who shouldn't have it, the increased risk of serious damage to the network.
Also, by having those rights, there could come a time when the head or someone would turn to them and ask them to do something 'adminy' which they are not allowed to do under their contract. So it is in the teacher's best interest not to have it!
Best solution with this is to ask them to explain *why* they want such privileges.
21st July 2009, 03:53 PM #12
No other person should have admin rights but yourself, you should have 2 admin accounts in case one admin account for some reason cannot be accessed.
You as the network admin are responsible for the smooth running of the network and you should heed the request given to you from your Headteacher as he is legally responsible for the school.
If you feel the Headteacher is acting in an unreasonable way towards a fellow colleague then you have to go higher.
All written records are to be put into the school safe.
21st July 2009, 04:00 PM #13
Remember that this is a very small school so it is likely that a non-IT person would need "second admin".
Originally Posted by Diello
If the head has said that the second person shouldn't be this teacher then it stops there - the IT manager (whatever their title) should absolutely accept that instruction.
Just out of interest, what bit of the DPA says a teacher is less likely to be trustworthy in terms of access to data than a member of the IT Support Team?
21st July 2009, 04:02 PM #14
I'm suprised at some of the replies here.
As far as I'm concerned there should be one main "domain administrator" account - ideally not called "administrator" by the way - such any easy thing to avoid and prevent 50% of a potential hackers job to be already done!
Once you have that one overall adinistrative account, it should only ever be used by the SINGLE person with overall top-level administrative control of the network - and even then, not as their main day to day account.
All other administrative users should have delegated access to required services (so if you have a technician needing to backups give them "backup operators" etc etc)
This fireproof safe idea is something I don't operate, but am 50/50 on. The only time it would ever need to be utilised is if the entire network admin team were blown off the face of the earth - in which case the server room they are based next to would have gone with them!
In some schools (especially smaller ones) I can see it being a good idea - as long as there was clear understanding it wasn't to be used without written authorisation from the actual administrator or the headteacher.
21st July 2009, 04:05 PM #15
Hmm I'm sure the union will not help him much surely the workload agreement means that teaching staff are not allowed to perform IT administrative duties?
Last Post: 30th June 2009, 04:23 PM
By kylewilliamson in forum General Chat
Last Post: 13th June 2009, 09:07 AM
By crc-ict in forum Wireless Networks
Last Post: 25th April 2008, 10:29 PM
By russdev in forum General Chat
Last Post: 28th July 2005, 02:37 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)