+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 30
MIS Systems Thread, SIMS.Net Active Directory Integration in Technical; Hello, As anybody been able to integrate Active Directory and SIMS.Net together? We've just moved to SIMS.Net and if possible ...
  1. #1

    Join Date
    Apr 2007
    Location
    Sutton Coldfield
    Posts
    208
    Thank Post
    29
    Thanked 34 Times in 28 Posts
    Rep Power
    21

    SIMS.Net Active Directory Integration

    Hello,

    As anybody been able to integrate Active Directory and SIMS.Net together? We've just moved to SIMS.Net and if possible would like the ability for SIMS.Net not to bring up the prompt but instead log them straight in based on their AD Credentials.

    Thanks,

    Rob

  2. #2
    DSapseid's Avatar
    Join Date
    Feb 2007
    Location
    West Sussex
    Posts
    1,155
    Thank Post
    131
    Thanked 54 Times in 47 Posts
    Rep Power
    38
    Surely this is a security risk?

    What if a member of staff logons onto to a machine and goes walkabouts as they always do without locking it, when a kid wals up and opens SIMS and they can get access to all the info!;-)

  3. #3

    Join Date
    Jul 2007
    Location
    Middle-Wales
    Posts
    368
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    16
    Quote Originally Posted by DSapseid View Post
    Surely this is a security risk?

    What if a member of staff logons onto to a machine and goes walkabouts as they always do without locking it, when a kid wals up and opens SIMS and they can get access to all the info!;-)
    That is the exact reason that our LEA's given for not implementing this, tis VERY risky if your staff aren't absolutely spot-on with logging off.

  4. #4

    Join Date
    Nov 2007
    Location
    Nottingham
    Posts
    119
    Thank Post
    7
    Thanked 23 Times in 14 Posts
    Rep Power
    18
    Weve done this only for specific members of staff,

    You need to edit your local connect.ini from C:\Program Files\SIMS\SIMS .net and add the line below.

    ConnectionType=Trusted

    C:\Program Files\SIMS\SIMS .net

    when you start sims you can choose login with current windows user, or sims username.

    Then, in sims goto system manager, select the user and change there username format to DOMAIN\USERNAME. thats it!

  5. 8 Thanks to PRicho:

    FN-GM (13th February 2008), greenfieldsupport (5th March 2008), joe90bass (22nd February 2008), leco (13th February 2008), robknowles (13th February 2008), soapyfish (26th May 2011), TheScarfedOne (13th December 2012), zag (14th February 2008)

  6. #5

    Join Date
    Apr 2007
    Location
    Sutton Coldfield
    Posts
    208
    Thank Post
    29
    Thanked 34 Times in 28 Posts
    Rep Power
    21
    Hello,

    Thanks PRicho that worked. I just wanted to see how it works - not sure whether we will use it yet as concerns about security (same reasons as specified in above posts). It's a shame you aren't required to type your windows username and password into the SIMS.Net logon box as an extra bit of security.

    Thanks,

    Rob

  7. #6

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    59
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    How would this work in terms of an AD user changing their password? Would you have to manually go into SIMS System Manager to change it there too or would it happen automatically?

    Dave.

  8. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    You could put in a feature request with Capita...

  9. #8

    Join Date
    Dec 2007
    Location
    Nottinghamshire
    Posts
    206
    Thank Post
    62
    Thanked 26 Times in 22 Posts
    Rep Power
    19
    if you change your password in AD it automaticly changes in sims.net, ive just tryed it my self

  10. #9

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,772
    Thank Post
    1,308
    Thanked 804 Times in 698 Posts
    Rep Power
    246
    Quote Originally Posted by notalot View Post
    if you change your password in AD it automaticly changes in sims.net, ive just tryed it my self
    I understood (from the consultant who came to move our SIMS installation to our new server) that SIMS doesn't check passwords, it simply trusts the username it is passed. When they said "integration with Active Directory" I thought it was going to be something a tad fancier too - I thought I'd be getting SIMS checking against our LDAP directory and so on. I figure this is still a useful feature, though - it would seem to be perfect for SIMS over Terminal Services, so a user just needs to type their normal domain username and password to start a terminal session, then SIMS trusts the TS server and logs the user in automatically. I'm planning (in my copious spare time) to turn our SIMS server into a terminal services server, I'll see if this actually works.

    --
    David Hicks

  11. #10
    msi
    msi is offline

    Join Date
    Mar 2008
    Posts
    22
    Thank Post
    1
    Thanked 8 Times in 2 Posts
    Rep Power
    15
    Firstly, to DSapseid. I've heard this argument used a number of times now. I've heard people say that having the extra password box 'adds an extra layer of security'.

    You are right, a member of staff can walk away from their laptop without locking it. But what difference does having the extra login box make?

    Staff are just as likely to leave their laptop unlocked with SIMS running as they are without it running!

    They may KNOW not to leave SIMS open, but actually they should KNOW not to leave ANYTHING open!

    Alternatively, even if SIMS isn't left open, they may leave their email open - which in a school environment where staff email parents, could be equally damaging in terms of data security!

    The key is to teach staff to ALWAYS lock Windows. And get them to sign an agreement saying they will do so.

    In fact, using Windows authentication (i.e. the removal of the SIMS username and password) will increase total security as long as staff lock laptops.

    The reason for this is that you can prevent people from logging on to SIMS from another person's Windows logon. Everything can then technically be tracked back to someone's Windows logon. SIMS logon is ALWAYS tied to Windows logon.

    Furthermore, you can't set password policies for SIMS, but you can for a Windows domain.

    Also, passwords aren't sent unencrypted :P

    Other security principles are in force with Single Sign-on:

    1) The more time your user enters a password, the more likely it is to be overseen by someone else

    2) The more passwords your users have, the more likely they are to write them down

    etc.

    In conclusion, to a layman it would seem more secure to have an extra prompt to enter a password - it would seem like an extra 'level' of protection.

    In actual fact, the less thoughtful your users are, the more important it is to use Single Sign-on, flowed authentication, and the reduction of number of passwords (note: the increase in password complexity).

    We use Windows Authentication for SIMS, and... it works. I don't trust anyone who says it's a risk... it's a risk not to!

  12. 6 Thanks to msi:

    bigal06 (16th December 2009), chriscubed (14th May 2009), jonwitts (11th February 2010), jumpinjamez (16th December 2009), MattGibson (4th February 2014), zag (5th March 2008)

  13. #11
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 477 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98
    Very good points MSI

  14. #12


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    Quote Originally Posted by dhicks View Post
    I understood (from the consultant who came to move our SIMS installation to our new server) that SIMS doesn't check passwords, it simply trusts the username it is passed.
    Is this true? From what i can think of it must be as adding a line to a clients ini file isnt going to make SIMS "intergrate" into anything.

    If this is the case capita have dropped even lower in my expectations, and that *really* is saying something!! Feck me, what a terrible company! Good job they are "friends" with labour eh?

  15. #13
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,505
    Thank Post
    10
    Thanked 508 Times in 445 Posts
    Rep Power
    116
    It's not like sims even has case sensitive passwords yet!

  16. #14


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,715
    Thank Post
    288
    Thanked 789 Times in 616 Posts
    Rep Power
    226
    The problem is users who use crap passwords, write down their crap passwords, tell their crap passwords to other people and consider their convenience more important than keeping data secure, buffered by management who doesn't see password (and thus data) security as a big part of the teachers job and so doesn't bollock them sufficiently when said lax password security is raised as an issue.

    Single sign-on doesn't help with that, multiple passwords doesn't either because I bet anyone on here £5 that at least 50% of your staff have an identical AD and SIMS password, regardless of whether you've told them not to. That password will also give you access to their online banking 30% of the time, and they'll tell you that "I use that for everything" after telling it to you accidentally.

  17. 2 Thanks to pete:

    bigal06 (16th December 2009)

  18. #15


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    Quote Originally Posted by pete View Post
    The problem is users who use crap passwords, write down their crap passwords, tell their crap passwords to other people and consider their convenience more important than keeping data secure, buffered by management who doesn't see password (and thus data) security as a big part of the teachers job and so doesn't bollock them sufficiently when said lax password security is raised as an issue.

    Single sign-on doesn't help with that, multiple passwords doesn't either because I bet anyone on here £5 that at least 50% of your staff have an identical AD and SIMS password, regardless of whether you've told them not to. That password will also give you access to their online banking 30% of the time, and they'll tell you that "I use that for everything" after telling it to you accidentally.
    lmao True.

    Id say I know around 75-80% of the teachers passwords. God help them all if i was that type of person to raid their banks! Mind i do need a new car *mawhaha..*
    Last edited by j17sparky; 5th March 2008 at 11:41 AM.



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Spiceworks Active directory Integration
    By alextreadwell in forum Network and Classroom Management
    Replies: 4
    Last Post: 25th November 2010, 04:28 PM
  2. Active Directory integration for Joomla
    By netcamit in forum Web Development
    Replies: 0
    Last Post: 20th September 2010, 11:52 PM
  3. CMIS and Active Directory Integration
    By Tricky_Dicky in forum MIS Systems
    Replies: 3
    Last Post: 8th January 2010, 01:47 PM
  4. Frog Active Directory Integration
    By AnnDroyd in forum Virtual Learning Platforms
    Replies: 1
    Last Post: 18th November 2009, 02:09 PM
  5. Replies: 16
    Last Post: 19th January 2009, 10:00 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •