SIMS has not yet broken our AD; folder redirection just stopped working after applying (yet another) upgrade.
But to be honest we immediately felt the benefit of the upgrade as we all got an icon changed!! Wow.
Reminds me, a kid once asked me the name of one of my colleague's wife. The kid was sat at a computer at the logon screen with the colleague's user name already typed in.
We make our users change AD passwords every 45 days, SIMS never makes them change it so it's a fair bet they're different here.
"Single sign-on doesn't help with that, multiple passwords doesn't either because I bet anyone on here £5 that at least 50% of your staff have an identical AD and SIMS password [...]"
... disagree. I think it's well-documented that single sign-on does help for the following reasons:
1) It's easier to audit one authentication on one system than e.g. 5 authentications on 5 systems running different types of authentication.
2) It's easier to configure your one point of authentication to have the security level you desire. "Force all your access through one door, and make sure you understand the security of that door". I *trust* the Windows implementation of Kerberos, I don't trust the fact that SIMS doesn't encrypt passwords before sending.
3) I restate, but the principle of requiring your users have ONE password instead of several WILL, overall, reduce the risk of passwords being compromised.
4) If a password has been compromised, there's one place to change it. Less confusion for the unsavvy user.
Ok... I hear your points. But there's no use being fatalistic about it: "nobody will ever take security seriously" etc...
Also, wasn't there a recommendation in the BECTA Security guidelines to implement federated access control (and therefore SSO)?
Well, we have the following passwords in the school for staff:
1. Their Windows domain account, used for Windows, helpdesk, room booking
2. Their email username and password, used for any system provided by county, so email, SiX, learning gateway etc...
3. Their website password, used for editing the school website
4. Their SIMS.net password
5. Their voicemail pin
And then, there are a few with access to other systems such as FMS, Nova-T4, and Expo Electro.
I know of at least 5 teachers who have those details written in their diaries. This number increases for our TAs.
A single sign on would increase security no end.
We are moving towards single sign on; this Active Directory integration helps this a lot.
Originally Posted by dhicks
This system works well for us using SIMS over Terminal Services - the user logs in to the TS server, the SIMS client automatically starts up and logs them in, as far as the user is concerned they've just logged in to SIMS using their standard AD username and password. You can set the password-protected screensaver to start on the TS server after 3 minutes, so anyone wandering away from their workstation gets it automatically locked pretty quickly and everyone only has one username and password to remember.
Password sharing is a problem here so we make them change their password every 45 days and it has to be 8+ characters and alphanumeric. I'm ok with them writing it down and keeping it in their purse or wallet tbh, at least then they have good passwords that help secure our remote access.
We've just gone to using AD logons for SIMS and everything seems to be working well; however, when users start NOVA T it asks them for username and password. Are there any additional settings that need to be set for this to work?