+ Post New Thread
Results 1 to 7 of 7
General Chat Thread, Temporary agency staff and administrative access in General; We are getting some agency staff in to cover a couple of people who are off sick in the IT ...
  1. #1
    dsk
    dsk is offline

    Join Date
    Mar 2008
    Location
    London
    Posts
    93
    Thank Post
    7
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Temporary agency staff and administrative access

    We are getting some agency staff in to cover a couple of people who are off sick in the IT department. Never really had a need for this before, and previous managers never really looked into this.

    Whats the best way to go about giving them access to the system. I have no qualms about giving them their own logins so they can access applications and do day to day stuff, but we also access servers with the administrator account and domain password.

    Do i duplicate the admin account and give them that if they need access, do i avoid them doing any admin work all together, or do i draw up an agreement with regards to use of our network and passwords?

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,004
    Thank Post
    1,631
    Thanked 1,907 Times in 1,416 Posts
    Blog Entries
    2
    Rep Power
    432
    avoid all admin access if possible, that way they cant do too much

  3. #3

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,619
    Thank Post
    1,499
    Thanked 1,053 Times in 922 Posts
    Rep Power
    304
    What roles are they in for is the first question, if its just fixing dead PCs probably limited admin is needed, however if there a Network Techy they will need admin won't they to do the job.

    Surely the contract you have with the supplier of said people covers things like Data Protection, CRB Clearance, Confidentiality etc....

  4. #4


    Join Date
    Oct 2006
    Posts
    3,412
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    As said what do they need to do? Access can be quite granular; only give them access to what they need. If they need to reset passwords delegate the permission to them. If they will be imaging machines just give them access to that, GPO permissions can be granted without full admin access, etc. If they are only temps then they ain't gunna need to be "on" the servers are they, but they may need access to certain functions.

  5. #5
    dsk
    dsk is offline

    Join Date
    Mar 2008
    Location
    London
    Posts
    93
    Thank Post
    7
    Thanked 1 Time in 1 Post
    Rep Power
    0
    They will be in to help with the summer project work. I suppose any domain user can join the machine to the domain, but they will need access to our local passwords and bios passwords when it comes to setting these machines up.

    Our passwords are somewhat consistent across our apps (smoothwall, papercut, moodle) though im sure i can probably get around them for this purpose.

    I only have one member of staff, when i should have three.

    Taken over as manager, but dont really have any junior staff to support me...

  6. #6

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,937
    Thank Post
    1,343
    Thanked 1,786 Times in 1,109 Posts
    Blog Entries
    19
    Rep Power
    595
    To some extent you have to trust external companies doing work for you. If we trust Smoothwall to get into their devices then I trust them to know what they can and can't do on a network. If we trust the folk putting in our VLANs or managed wireless networks then we should let them get on with it.

    The considerations in this case are around data protection and system security.

    Local passwords can always be forceably changed at a later date so give them a temp one for now.
    BIOS passwords should be different to other passwords anyway so this is a chance for you to make a start changing it. If they need the old one, then you have to consider teh chances they might do damage elsewhere ... if there is little chance then trust them. If they need access to perform certain domain level tasks then delegated authority, or give them a user account with domain admin access, but not the administrator account.

    No doubt there is something in their contract to get them to agree to a code of conduct anyway ... if they breach it at a later date when they are not meant to have any access then it is a breach of the Computer Misuse Act. Let them know that this is the case and that you *have* to mention it to them as a standard thing ... not that you don't trust them (even if you don't trust them!)

    If you really need to keep an eye, then look at increasing the logging on the desktops and servers, and make sure you set aside enough time to sample through what has gone on.

  7. Thanks to GrumbleDook from:

    dsk (8th July 2011)

  8. #7
    dsk
    dsk is offline

    Join Date
    Mar 2008
    Location
    London
    Posts
    93
    Thank Post
    7
    Thanked 1 Time in 1 Post
    Rep Power
    0
    To be fair they seem like decent enough people, ive spent a good hour with them all grilling them and making sure they know what they are in for. One even got back to his agency contact saying he was even more interested in the job after i told him how much work we had to do, haha!

    In the past we've had people come in, one that i remember was for our wireless setup. My manager at the time made a duplicate of the admin account just so this person could do their stuff and get things working.

    Thank you all for the advice and comments, its actually been really helpful!

SHARE:
+ Post New Thread

Similar Threads

  1. Multi Agency Access to MIS Data
    By ama178 in forum MIS Systems
    Replies: 3
    Last Post: 22nd May 2011, 09:11 AM
  2. [SIMS] Agency access to sims
    By ozydave in forum MIS Systems
    Replies: 9
    Last Post: 1st February 2011, 10:32 PM
  3. Anyone using OpenVPN Access Server to access server shares for staff
    By edutech4schools in forum Wireless Networks
    Replies: 11
    Last Post: 8th September 2010, 06:31 PM
  4. Staff Access from home????
    By thegrassisgreener in forum Windows
    Replies: 27
    Last Post: 3rd April 2008, 10:41 AM
  5. Agency staff and SIMS
    By mpcooke in forum MIS Systems
    Replies: 3
    Last Post: 29th February 2008, 09:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •