13th February 2008, 02:36 PM #1
SIMS.Net Active Directory Integration
Has anybody been able to integrate Active Directory and SIMS.Net together? We've just moved to SIMS.Net and if possible would like the ability for SIMS.Net not to bring up the prompt but instead log them straight in based on their AD credentials.
13th February 2008, 04:07 PM #2
Surely this is a security risk?
What if a member of staff logs on to a machine and goes walkabouts, as they always do, without locking it, when a kid walks up and opens SIMS and they can get access to all the info! ;-)
13th February 2008, 04:10 PM #3
That is the exact reason that our LEA's given for not implementing this, tis VERY risky if your staff aren't absolutely spot-on with logging off.
Originally Posted by DSapseid
13th February 2008, 04:32 PM #4
We've done this only for specific members of staff.
You need to edit your local connect.ini from C:\Program Files\SIMS\SIMS .net and add the line below.
C:\Program Files\SIMS\SIMS .net
When you start SIMS you can choose to log in with the current Windows user, or a SIMS username.
Then, in SIMS go to System Manager, select the user and change their username format to DOMAIN\USERNAME. That's it!
8 Thanks to PRicho:
FN-GM (13th February 2008), greenfieldsupport (5th March 2008), joe90bass (22nd February 2008), leco (13th February 2008), robknowles (13th February 2008), soapyfish (26th May 2011), TheScarfedOne (13th December 2012), zag (14th February 2008)
13th February 2008, 04:41 PM #5
Thanks PRicho, that worked. I just wanted to see how it works - not sure whether we will use it yet because of concerns about security (same reasons as specified in above posts). It's a shame you aren't required to type your Windows username and password into the SIMS.Net logon box as an extra bit of security.
13th February 2008, 04:45 PM #6
How would this work in terms of an AD user changing their password? Would you have to manually go into SIMS System Manager to change it there too or would it happen automatically?
13th February 2008, 04:47 PM #7
You could put in a feature request with Capita...
13th February 2008, 04:59 PM #8
If you change your password in AD it automatically changes in SIMS.net; I've just tried it myself.
13th February 2008, 06:40 PM #9
I understood (from the consultant who came to move our SIMS installation to our new server) that SIMS doesn't check passwords, it simply trusts the username it is passed. When they said "integration with Active Directory" I thought it was going to be something a tad fancier too - I thought I'd be getting SIMS checking against our LDAP directory and so on. I figure this is still a useful feature, though - it would seem to be perfect for SIMS over Terminal Services, so a user just needs to type their normal domain username and password to start a terminal session, then SIMS trusts the TS server and logs the user in automatically. I'm planning (in my copious spare time) to turn our SIMS server into a terminal services server, I'll see if this actually works.
Originally Posted by notalot
5th March 2008, 03:41 AM #10
Firstly, to DSapseid. I've heard this argument used a number of times now. I've heard people say that having the extra password box 'adds an extra layer of security'.
You are right, a member of staff can walk away from their laptop without locking it. But what difference does having the extra login box make?
Staff are just as likely to leave their laptop unlocked with SIMS running as they are without it running!
They may KNOW not to leave SIMS open, but actually they should KNOW not to leave ANYTHING open!
Alternatively, even if SIMS isn't left open, they may leave their email open - which in a school environment where staff email parents, could be equally damaging in terms of data security!
The key is to teach staff to ALWAYS lock Windows. And get them to sign an agreement saying they will do so.
In fact, using Windows authentication (i.e. the removal of the SIMS username and password) will increase total security as long as staff lock laptops.
The reason for this is that you can prevent people from logging on to SIMS from another person's Windows logon. Everything can then technically be tracked back to someone's Windows logon. SIMS logon is ALWAYS tied to Windows logon.
Furthermore, you can't set password policies for SIMS, but you can for a Windows domain.
Also, passwords aren't sent unencrypted :P
Other security principles are in force with Single Sign-on:
1) The more times your user enters a password, the more likely it is to be overseen by someone else
2) The more passwords your users have, the more likely they are to write them down
In conclusion, to a layman it would seem more secure to have an extra prompt to enter a password - it would seem like an extra 'level' of protection.
In actual fact, the less thoughtful your users are, the more important it is to use Single Sign-on, flowed authentication, and the reduction of number of passwords (note: the increase in password complexity).
We use Windows Authentication for SIMS, and... it works. I don't trust anyone who says it's a risk... it's a risk not to!
6 Thanks to msi:
bigal06 (16th December 2009), chriscubed (14th May 2009), jonwitts (11th February 2010), jumpinjamez (16th December 2009), MattGibson (4th February 2014), zag (5th March 2008)
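An added example, not from the thread or any poster: since the argument above depends on unattended Windows sessions being locked, this PowerShell check reports whether the workstation enforces an idle lock through the machine inactivity limit or the screen saver policy. The 600 second threshold and the function names are assumptions chosen for illustration; the machine inactivity limit exists only on Windows versions newer than those current when the thread was written.

```powershell
# Added example: audit whether this workstation locks itself when left idle.
# MaxIdleSeconds is an assumed local policy target, not a value from the thread.
param([int]$MaxIdleSeconds = 600)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-IdleLock {
    param($MachineLimit, $SaverActive, $SaverSecure, $SaverTimeout, [int]$MaxIdle)
    # Machine inactivity limit: locks the session after N idle seconds (0 = disabled).
    $machineOk = ($null -ne $MachineLimit) -and ([int]$MachineLimit -gt 0) -and
                 ([int]$MachineLimit -le $MaxIdle)
    # Screen saver policy: enabled, password protected, and within the limit.
    $saverOk = ($SaverActive -eq '1') -and ($SaverSecure -eq '1') -and
               ($null -ne $SaverTimeout) -and ([int]$SaverTimeout -gt 0) -and
               ([int]$SaverTimeout -le $MaxIdle)
    [pscustomobject]@{
        MachineInactivityLock = $machineOk
        SecureScreenSaver     = $saverOk
        Compliant             = ($machineOk -or $saverOk)
    }
}

# Policy locations written by Group Policy; the HKCU values apply to the current user.
$sys   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$saver = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

$settings = @{
    MachineLimit = Get-RegValue $sys   'InactivityTimeoutSecs'
    SaverActive  = Get-RegValue $saver 'ScreenSaveActive'
    SaverSecure  = Get-RegValue $saver 'ScreenSaverIsSecure'
    SaverTimeout = Get-RegValue $saver 'ScreenSaveTimeOut'
    MaxIdle      = $MaxIdleSeconds
}
$result = Test-IdleLock @settings

$result | Format-List
if (-not $result.Compliant) {
    Write-Warning "No enforced idle lock within $MaxIdleSeconds seconds: an unattended session stays open to any application that signs in with the Windows identity."
}
```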
5th March 2008, 10:10 AM #11
5th March 2008, 10:20 AM #12
Is this true? From what I can think of it must be, as adding a line to a client's ini file isn't going to make SIMS "integrate" into anything.
Originally Posted by dhicks
If this is the case Capita have dropped even lower in my expectations, and that *really* is saying something!! Feck me, what a terrible company! Good job they are "friends" with Labour eh?
5th March 2008, 10:22 AM #13
It's not like SIMS even has case sensitive passwords yet!
5th March 2008, 11:25 AM #14
The problem is users who use crap passwords, write down their crap passwords, tell their crap passwords to other people and consider their convenience more important than keeping data secure, buffered by management who doesn't see password (and thus data) security as a big part of the teacher's job and so doesn't bollock them sufficiently when said lax password security is raised as an issue.
Single sign-on doesn't help with that, multiple passwords don't either because I bet anyone on here £5 that at least 50% of your staff have an identical AD and SIMS password, regardless of whether you've told them not to. That password will also give you access to their online banking 30% of the time, and they'll tell you that "I use that for everything" after telling it to you accidentally.
2 Thanks to pete:
bigal06 (16th December 2009)
5th March 2008, 11:35 AM #15
Originally Posted by pete
I'd say I know around 75-80% of the teachers' passwords. God help them all if I was that type of person to raid their banks! Mind, I do need a new car *mawhaha..*
Last edited by j17sparky; 5th March 2008 at 11:41 AM.