LGfL 2.0 Problems - Remote Access (The Actual Chance Of Using Is Very Remote!)

[Searle]

Since we have moved over to LGfL 2.0 services (Synetrix to Atomwide) we can no longer provide external support staff with remote access into our systems without first requesting a USO account to be created by Atomwide.

The first time I attempted to have an account created resulted in a support call to Atomwide because the user had the same name and year of birth as someone else. This caused a two day delay.

During the support telephone call I asked Atomwide for advice regarding support for SIMS and access by Capita. I was advised that as a registered company all Capita support staff had a USO account. I was further advised to obtain the details from Capita of all the support staff which are involved in outstanding or future cases.

I called Capita in order to initiate the remote access for a long outstanding case. I was advised that Capita staff did not have USO accounts. Capita confirmed that they were currently struggling to provide support to several schools due to the lack of remote access.

When there is a stupid and unworkable rule then there is no point in having it!

I therefore set out to create a fake USO account with an obvious fictitious name: Joe Bloggs. Atomwide refused to create the account without me having to produce proof of Joe Bloggs existence. It seems that Atomwide are now scrutinising all requests and asking us to provide evidence of each user. Is this within their remit?

If I was less honest then the options are to create a less obvious name or simply use the USO account of an existing member staff who is never likely to use remote access.

The policy to remove remote access was decided by LGfL without any prior consultation with staff working in schools.

I intend to have this policy reviewed and hopefully reversed. If this policy affects your school or you anticipate that it will do so in the future then please email brian.durrant@lgfl.org.uk.

If you simply agree that this should be re-enabled then please cast your vote in the poll.

Thanks

Julian Griffiths-Searle
ICT Systems Manager
Battersea Park School

[RosieC]

Hey Searle,

I wouldnt have picked Joe Bloggs though? Thats just asking for trouble right? We have our support company using the remote access in lgfl and they think its ok. a bit different but thats technology!

Thats my 2 cents anyway.

[Nodrog]

Capita SIMS staff use LANDesk to remote into LGfL 2.0 schools and this works well - some of there help desk staff also have USO accounts so that’s not a problem if they want to use RAV3 or the RDP gateway - all with a trace history of who's going where.

Personally I like traceability and accountability and welcome this to a network - it protects me from any dodgy doing that random generic accounts would open me up to and certainly handing out a single generic account to 3rd party companies sounds like a VERY dodgy idea to me.

I think your brave to blatantly try and create fake USO accounts and be this vocal about it - does your head know your doing this ?

Like RosieC says - just my 2 cents

[thatley]

I’m with NoDrog on this. From the word go, and for good reasons, it’s been the case that generic USO’s are not permitted and I think that’s how it should stay. Security of your network and the LGFL’s should be paramount and the only way to keep this in line is to have traceability of individual users. I certainly wouldn’t want any old ‘Joe Bloggs’ to have remote access and potentially compromise my networks.

[BromleyTech]

Sorry Searle, going to have to agree with everyone else. I feel generic accounts for this purpose are a bad idea and the traceability is critical.

[hit]

The rule of no generic accounts is mainly a licensing issue for LGfL. Sophos, live@edu, guardian unlimited etc. are all licenced to current LGfL school staff only. It's explained in more detail here: https://support.lgfl.org.uk/public/lgfl_faq.aspx