Poll: Do you use SIMS Trusted Logins

  1. #1

    Do you use SIMS Trusted Logins

    Hi Everyone,

    I'm trying to put a case for using SIMS trusted logins (integrated with active directory). Can you please vote and reply with any useful security information both for and against.

    Thanks

  2. #2
    skunk

    No, no, no, never, not even if I am instructed to do so under pain of unemployment.

    Not moving to this until the staff understand the risks associated with students knowing their passwords.

  3. #3

    Originally posted by skunk:
        No, no, no, never, not even if I am instructed to do so under pain of unemployment.

        Not moving to this until the staff understand the risks associated with students knowing their passwords.

    Wow strong response! But I can certainly understand if staff are sharing their passwords with students!!! Maybe you should use LART to get the message across.

  4. #4

    bossman

    Absolutely not

    Teachers and Support staff will not carry the responsibility let alone accept it for the security of their user account even with an AUP in place.

    They are just full of excuses as to why they are so irresponsible when it comes to IT security.

  5. #5

    localzuk

    We don't use it here, simply because everyone already has a SIMS username and password, and we've had no reason to change yet. However, I will be bringing the subject up at some point, as I want to reduce the number of usernames as much as possible.

  6. #6


    We do this for some admin staff who use Sims a lot. However we don't use it for teachers because of the reasons above.

  7. #7
    enjay

    We use trusted logons here, but SIMS is only on office and staff room computers, so none which students have access to.

    We used to have lots of paper-based records of parents' contact details, which for administrative (and other) reasons, we got rid of, meaning teachers had to use SIMS to get a phone number. Those who didn't use it very often could never remember their passwords and demanded the paper copies back, so as a compromise we switched to trusted logons.

    If your students know staff passwords, then access to the MIS is far from your only concern, IMHO.

  8. #8

    vikpaw

    No - for other reasons.

    I use it myself, however it's trusted not full trustedauto for the reason that for troubleshooting i like to be able to log in as other people, or if they come to see me i can get them logged in, without the hassle of me logging off the PC and them logging on.

    Also, for whatever reason, due to lack of computers / laziness / speed, many of my users (especially admin/support/medical ..) share a logged in computer to use SIMS. For this reason, i could never have full trusted auto, and it is for this reason i have held back a full roll out.

    I know, that if the log in screen changes to the Trusted version allowing single sign-on or username and password, i will end up with no end of support calls with confused users, despite the fact that the log in screen is self-explanatory and all they have to do is press OK to log in!!! I just know that a million people will ring me and ask what their username and password is.

    I'm going to have to wait until i can get a whole school meeting or an INSET day to explain it!

    What i don't really understand is why this debate always raises the same old issues over security and teachers not locking their workstations etc. etc. Can nobody see that if the teachers are logged in to SIMS when they walk off it's the same as if they have single-sign on or not. The issues are the same!!!

    Every time our network policy causes a password change, i have the same set of wisened users saying they have forgotten their sims password so that i will reset it, allowing them to bring it into line with their new network password. Now there is a 'change password' option on log on, they won't even need to do that.

    If staff are lax with one password, why not with two? I know it's no different here.

    For me, the benefit of single sign-on and speed of access far outweighs any security risks that are ever present the minute you let users onto a computer!

    When we get the SIMS learning gateway working, that will also be single sign-on as well, and carry with it similar security issues, but i'm not going to make people log in to use the intranet!

    The only thing that i could really use is the ability for a user to retain their old sims username and password, as an alternative to the trusted authentication. Much like new laptops will accept a fingerprint or username / password combo. That would be the ideal for me. None of the other issues are relevant as far as i'm concerned.

  9. 2 Thanks to vikpaw:

    jcollings (19th May 2009), Soulfish (19th May 2009)

  10. #9

    Edu-IT

    We don't use it here. Usernames and passwords are issued by the MIS manager and that's that. Have nothing more to do with SIMS, other than upgrades.

  11. #10
    enjay

    Originally posted by vikpaw:
        The only thing that i could really use is the ability for a user to retain their old sims username and password, as an alternative to the trusted authentication. Much like new laptops will accept a fingerprint or username / password combo. That would be the ideal for me.

    You can set it that way, we have here. All teaching and admin staff have trusted logons, mine is set on a username and password still. This means that they can open SIMS, realise they can't do something, call me and I can log in to SIMS and do whatever the task is without having to log out of the whole computer (which can take a while depending on what else is open at the time). It also means that I can get at SIMS from whichever of my 3 logons I'm using at that moment.

    In the System Manager, where you associate a SIMS account to a domain account, you just enter a username and password instead. Simple as.

  12. #11
    skunk

    If your students know staff passwords, then access to the MIS is far from your only concern, IMHO.
    Tell me about it

  13. #12

    vikpaw

    Cheers Nick, i knew that already. What i want is both options at once for a single user, but that is just an ideal.

    What i have at the moment is myself with trusted authentication and everyone else with a username/password combo. I have set my own connect.ini to have trusted authentication, whilst everyone else uses a central one on the SIMS server. So on my workstation i have ease of use, and the option to log in as another user.

    If i am doing remote support i have another SIMS account, my predecessor's actually, that i use to do any other tasks whilst someone else is logged in.

    What for me would be handy is if once everyone has trusted authentication, some users could still have the option of using a username and password or trusted authentication. e.g. in the clinic we have 3 staff plus me when i visit to help out (with the computers not administering first aid!), but only 2 PCs. It's pretty important for us that whoever logs medical events and notes is logged into SIMS for tracking purposes.

    Yes it would be possible to just leave all of those users on username/password, i'd just like a cleaner solution, without having to create extra accounts for them as i have done for myself. If you look at our list of marksheets, it looks like the old SIMS guy is still setting up and managing the reporting system as i quite often work on another computer or do cloning elsewhere and it leaves his name on all the files!

    I believe that with trustedauto in the connect.ini if the user isn't set up to have single sign-on then after a while it prompts for a username and password anyway. I'd prefer it to be quicker and am just looking for an ideal, which is probably only relevant for me and my school, and not something that would be important for Capita to work on.

    Regardless of that minor issue for me, i favour trusted authentication all the way, as soon as possible. The less obstacles there are and fewer clicks for the user the better it is for all of us.

  14. #13


    For classroom teachers (limited access) and admin staff (secure, well-monitored environment) we do use it. For system manager level access I don't, but that's largely because I don't want SIMS credentials associated with the account I use for upgrades and troubleshooting.

    We force a 15 minute screen lock on registration thin clients (we use PARS) - the session is locked and the terminal disconnects the session.

    Two rubbish passwords aren't more secure than one rubbish password, especially when (if you can't ensure they're different) those passwords are likely to be the same. One good password is better, assuming you can drum that into your staff. Rubbish passwords/not logging off are a human/HR/management problem, not a technical one.

  15. #14

    GrumbleDook

    This is my personal opinion and interpretation of the data handling guidance (and open to debate) but this would immediately fall foul of the guidance. A single username and password which would allow access to sensitive and protected information about students including SEN, child protection issues (children in care, etc) and possibly staff personal details too depending on the roles in SIMS of various staff logging into the machine.

    If held upside down in a barrel of burning oil I would resist but should you not be the SIRO and have raised the concern and alarm with all the relevant people subsequently issued with the decree from manglement of 'Do it or else!' (and the union not backing your stance) then password protected screensaver set to 3 minutes is a minimum, strict policies that it is not to be running whilst connected to a data projector, a blanket ban on students using staff machines (logged in on a student account or staff 'just letting them on for a minute!') and making it a disciplinary offence for sharing your password with a student.

    Even then I would not do it for certain SIMS roles (anyone with system manager access, full SEN access, any member of senior manglement, exams roles, attendance officer or admin assistant)!

    And after you have done all of this, turn all the computers and servers off to make it all secure again.

    I cannot stress how ill thought out I believe this to be and would welcome a response from Phil on Capita's position on what guidance they give, to schools who go down this route, to ensure the security of data and information is maintained.

  16. #15
    User3204

    We changed to the Trusted logons when we reinstalled or reattached or upgraded (I dunno it was the previous SIMS manager) something went wrong and it lost all the user passwords. At the time it was decided that it was easier to link them to the AD users than retype the passwords, especially as SIMS made them all those stupid XKCDWVZXSJ type passwords.
    We don't have trustedAuto, cause we found some users (using Nova T4/Cover x) needed to be able to logon differently and SIMS .net couldn't cope.

    But at least I've managed to do away with the XLS file with all the usernames and passwords, which I was given when the SIMS manager left.


