General Chat Thread, Temporary agency staff and administrative access in General; We are getting some agency staff in to cover a couple of people who are off sick in the IT ...
7th July 2011, 11:03 PM #1
- Rep Power
Temporary agency staff and administrative access
We are getting some agency staff in to cover a couple of people who are off sick in the IT department. Never really had a need for this before, and previous managers never really looked into this.
Whats the best way to go about giving them access to the system. I have no qualms about giving them their own logins so they can access applications and do day to day stuff, but we also access servers with the administrator account and domain password.
Do i duplicate the admin account and give them that if they need access, do i avoid them doing any admin work all together, or do i draw up an agreement with regards to use of our network and passwords?
7th July 2011, 11:04 PM #2
avoid all admin access if possible, that way they cant do too much
7th July 2011, 11:18 PM #3
What roles are they in for is the first question, if its just fixing dead PCs probably limited admin is needed, however if there a Network Techy they will need admin won't they to do the job.
Surely the contract you have with the supplier of said people covers things like Data Protection, CRB Clearance, Confidentiality etc....
7th July 2011, 11:33 PM #4
As said what do they need to do? Access can be quite granular; only give them access to what they need. If they need to reset passwords delegate the permission to them. If they will be imaging machines just give them access to that, GPO permissions can be granted without full admin access, etc. If they are only temps then they ain't gunna need to be "on" the servers are they, but they may need access to certain functions.
7th July 2011, 11:40 PM #5
8th July 2011, 12:53 AM #6
To some extent you have to trust external companies doing work for you. If we trust Smoothwall to get into their devices then I trust them to know what they can and can't do on a network. If we trust the folk putting in our VLANs or managed wireless networks then we should let them get on with it.
The considerations in this case are around data protection and system security.
Local passwords can always be forceably changed at a later date so give them a temp one for now.
BIOS passwords should be different to other passwords anyway so this is a chance for you to make a start changing it. If they need the old one, then you have to consider teh chances they might do damage elsewhere ... if there is little chance then trust them. If they need access to perform certain domain level tasks then delegated authority, or give them a user account with domain admin access, but not the administrator account.
No doubt there is something in their contract to get them to agree to a code of conduct anyway ... if they breach it at a later date when they are not meant to have any access then it is a breach of the Computer Misuse Act. Let them know that this is the case and that you *have* to mention it to them as a standard thing ... not that you don't trust them (even if you don't trust them!)
If you really need to keep an eye, then look at increasing the logging on the desktops and servers, and make sure you set aside enough time to sample through what has gone on.
Thanks to GrumbleDook from:
8th July 2011, 09:25 PM #7
By ama178 in forum MIS Systems
Last Post: 22nd May 2011, 10:11 AM
By ozydave in forum MIS Systems
Last Post: 1st February 2011, 11:32 PM
By edutech4schools in forum Wireless Networks
Last Post: 8th September 2010, 07:31 PM
By thegrassisgreener in forum Windows
Last Post: 3rd April 2008, 11:41 AM
By mpcooke in forum MIS Systems
Last Post: 29th February 2008, 10:35 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread