MIS Systems Thread, SIMS.Net Active Directory Integration in Technical
  1. #16
    farmerste's Avatar

    sims not yet?

    sims not yet broke our AD, folder redirection just stopped working after applying ( yet another ) upgrade
    but to be honest we immediately felt the benefit of the upgrade as we all got an icon changed !! wow

  2. #17
    apeo's Avatar
    Quote Originally Posted by farmerste View Post
    sims not yet broke our AD, folder redirection just stopped working after applying ( yet another ) upgrade
    but to be honest we immediately felt the benefit of the upgrade as we all got an icon changed !! wow
    LOL

  3. #18


    Reminds me, a kid once asked me the name of one of my colleague's wife. The kid was sat at a computer at the logon screen with the colleague's user name already typed in.

  4. #19
    cookie_monster's Avatar
    We make our users change AD passwords every 45 days, SIMS never makes them change it so it's a fair bet they're different here.

  5. #20


    Quote Originally Posted by cookie_monster View Post
    We make our users change AD passwords every 45 days, SIMS never makes them change it so it's a fair bet they're different here.
    have you tested to see if oldpassword1, oldpassword2, oldpassword3 works?

    I'd rather they had _one_ good, hard-to-guess or bruteforce password that they were careful not to disclose.

  6. #21
    msi
    Quote Originally Posted by pete View Post
    The problem is users who use crap passwords, write down their crap passwords, tell their crap passwords to other people and consider their convenience more important than keeping data secure, buffered by management who doesn't see password (and thus data) security as a big part of the teachers job and so doesn't bollock them sufficiently when said lax password security is raised as an issue.
    Couldn't agree more.

    Single sign-on doesn't help with that, multiple passwords doesn't either because I bet anyone on here 5 that at least 50% of your staff have an identical AD and SIMS password [...]
    ... disagree. I think it's well-documented that single sign-on does help for the following reasons:

    1) It's easier to audit one authentication on one system than eg. 5 authentications on 5 systems running different types of authentication.

    2) It's easier to configure your one point of authentication to have the security level you desire. "Force all your access through one door, and make sure you understand the security of that door". I *trust* the Windows implementation of Kerberos, I don't trust the fact that SIMS doesn't encrypt passwords before sending.

    3) I restate, but the principle of requiring your users have ONE password instead of several WILL, overall, reduce the risk of passwords being compromised.

    4) If a password has been compromised, there's one place to change it. Less confusion for the unsavvy user.

    Ok... I hear your points. But there's no use being fatalistic about it: "nobody will ever take security seriously" etc...

  7. #22

    Geoff's Avatar
    Also, wasn't there a recommendation in the BECTA Security guidelines to implement federated access control (and therefore SSO)?

  8. #23

    localzuk's Avatar
    Well, we have the following passwords in the school for staff:

    1. Their windows domain account, used for windows, helpdesk, room booking
    2. Their email username and password, used for any system provided by county, so email, SiX, learning gateway etc...
    3. Their website password, used for editing the school website
    4. Their SIMS.net password
    5. Their voicemail pin

    And then, there are a few with access to other systems such as FMS, Nova-T4, and Expo Electro.

    I know of at least 5 teachers who have those details written in their diaries. This number increases for our TAs.

    A single sign on would increase security no-end.

  9. #24
    zag
    We are moving towards single sign on, this active directory integration helps this a lot.

  10. #25

    Quote Originally Posted by DSapseid View Post
    Surely this is a security risk?

    What if a member of staff logs on to a machine and goes walkabouts as they always do without locking it, when a kid walks up and opens SIMS and they can get access to all the info! ;-)
    I think you have answered your own question - The security risk is about staff leaving their workstations logged in and going walkabouts. I would be seriously worried about anybody leaving their workstation unattended with access to the network and email, let alone SIMS

  11. #26

    Excellent response

    Quote Originally Posted by msi View Post
    Firstly, to DSapseid. I've heard this argument used a number of times now. I've heard people say that having the extra password box 'adds an extra layer of security'.

    You are right, a member of staff can walk away from their laptop without locking it. But what difference does having the extra login box make?

    Staff are just as likely to leave their laptop unlocked with SIMS running as they are without it running!

    They may KNOW not to leave SIMS open, but actually they should KNOW not to leave ANYTHING open!

    Alternatively, even if SIMS isn't left open, they may leave their email open - which in a school environment where staff email parents, could be equally damaging in terms of data security!

    The key is to teach staff to ALWAYS lock Windows. And get them to sign an agreement saying they will do so.

    In fact, using Windows authentication (i.e. the removal of the SIMS username and password) will increase total security as long as staff lock laptops.

    The reason for this is that you can prevent people from logging on to SIMS from another person's Windows logon. Everything can then technically be tracked back to someone's Windows logon. SIMS logon is ALWAYS tied to Windows logon.

    Furthermore, you can't set password policies for SIMS, but you can for a Windows domain.

    Also, passwords aren't sent unencrypted :P

    Other security principles are in force with Single Sign-on:

    1) The more times your user enters a password, the more likely it is to be overseen by someone else

    2) The more passwords your users have, the more likely they are to write them down

    etc.

    In conclusion, to a layman it would seem more secure to have an extra prompt to enter a password - it would seem like an extra 'level' of protection.

    In actual fact, the less thoughtful your users are, the more important it is to use Single Sign-on, flowed authentication, and the reduction of number of passwords (note: the increase in password complexity).

    We use Windows Authentication for SIMS, and... it works. I don't trust anyone who says it's a risk... it's a risk not to!

  12. #27

    dhicks's Avatar
    Quote Originally Posted by dhicks
    I understood (from the consultant who came to move our SIMS installation to our new server) that SIMS doesn't check passwords, it simply trusts the username it is passed.
    Quote Originally Posted by j17sparky View Post
    Is this true?
    Yes. The SIMS client will check the username it is passed from Windows and, if set up to do so, will automatically log that user in to SIMS. This is the same as NTLM authentication as used by web browsers (although I don't know if this is actually NTLM authentication, I can't be bothered to go and look it up).

    This system works well for us using SIMS over Terminal Services - the user logs in to the TS server, the SIMS client automatically starts up and logs them in, as far as the user is concerned they've just logged in to SIMS using their standard AD username and password. You can set the password-protected screensaver to start on the TS server after 3 minutes, so anyone wandering away from their workstation gets it automatically locked pretty quickly and everyone only has one username and password to remember.

    --
    David Hicks

  13. #28
    cookie_monster's Avatar
    Quote Originally Posted by pete View Post
    have you tested to see if oldpassword1, oldpassword2, oldpassword3 works?

    I'd rather they had _one_ good, hard-to-guess or bruteforce password that they were careful not to disclose.

    Password sharing is a problem here so we make them change their password every 45 days and it has to be 8+ characters and alphanumeric. I'm OK with them writing it down and keeping it in their purse or wallet tbh, at least then they have good passwords that help secure our remote access.
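
    Added example, not part of any post in this thread and not the posters' own code: a PowerShell check of the two controls the posts above lean on once SIMS trusts the Windows logon, namely the password-protected screen saver (3 minutes in post #27) and the domain password policy (45 days, 8+ characters in post #28). The function names and thresholds are assumptions taken from those figures; the registry path is where user-side Group Policy stores screen saver settings.

    ```powershell
    # Added example. Thresholds are the figures quoted in the thread.
    $MaxIdleSeconds   = 180   # screen saver after 3 minutes
    $MaxPasswordDays  = 45    # password change every 45 days
    $MinPasswordChars = 8     # 8+ characters

    function Test-IdleLockPolicy {
        param([int]$MaxSeconds)
        # Where user-side Group Policy stores the screen saver settings.
        $key = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { return 'FAIL: no screen saver policy applied to this user' }
        $problems = @()
        if ($p.ScreenSaveActive -ne '1')    { $problems += 'screen saver not enforced' }
        if ($p.ScreenSaverIsSecure -ne '1') { $problems += 'no password on resume' }
        $timeout = 0
        if (-not [int]::TryParse([string]$p.ScreenSaveTimeOut, [ref]$timeout) -or $timeout -le 0) {
            $problems += 'timeout not set'
        } elseif ($timeout -gt $MaxSeconds) {
            $problems += "timeout $timeout s exceeds $MaxSeconds s"
        }
        if ($problems) { return 'FAIL: ' + ($problems -join '; ') }
        return "OK: session locks after $timeout s idle"
    }

    function Test-DomainPasswordPolicy {
        param([int]$MaxDays, [int]$MinChars)
        # Needs the RSAT ActiveDirectory module on a domain-joined machine.
        # Reads the default domain policy only; fine-grained policies are not checked.
        $pol = Get-ADDefaultDomainPasswordPolicy
        $age = $pol.MaxPasswordAge.TotalDays   # 0 means passwords never expire
        $problems = @()
        if ($age -le 0 -or $age -gt $MaxDays) { $problems += "max age $age days" }
        if ($pol.MinPasswordLength -lt $MinChars) { $problems += "min length $($pol.MinPasswordLength)" }
        # Assumption: ComplexityEnabled is used as the nearest match for "alphanumeric".
        if (-not $pol.ComplexityEnabled) { $problems += 'complexity disabled' }
        if ($problems) { return 'FAIL: ' + ($problems -join '; ') }
        return 'OK: default domain password policy meets the thresholds'
    }

    Test-IdleLockPolicy -MaxSeconds $MaxIdleSeconds
    Test-DomainPasswordPolicy -MaxDays $MaxPasswordDays -MinChars $MinPasswordChars
    ```

    Run the idle-lock check inside an ordinary user's session on the Terminal Services server, since the policy values are per user.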

  14. #29

    Quote Originally Posted by robknowles View Post
    Hello,

    Has anybody been able to integrate Active Directory and SIMS.Net together? We've just moved to SIMS.Net and if possible would like the ability for SIMS.Net not to bring up the prompt but instead log them straight in based on their AD Credentials.

    Thanks,

    Rob
    YES!
    in your connect.in use

    Connectiontype-TrustedAuto
    This will suppress the initial login screen and so long as you've set the users with AD credentials in System Manager this should work.

  15. #30

    Hello,

    We've just gone to using AD logons for SIMS and everything seems to be working well, however when users start NOVA T it asks them for username and password. Are there any additional settings that need to be set for this to work?

    TIA,

    Ash.
