+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 32
School ICT Policies Thread, VNC Policy for technicians in School Administration; If we want to snoop we could. That goes for the majority here. Most would not get close to being ...
  1. #16
    dalsoth's Avatar
    Join Date
    Sep 2008
    Location
    Cambridgeshire
    Posts
    547
    Thank Post
    190
    Thanked 108 Times in 80 Posts
    Rep Power
    47
    If we want to snoop we could. That goes for the majority here. Most would not get close to being caught doing so unless there were really tight security in place for monitoring this. We don't because most of us are professional enough to know right from wrong and understand the implications of doing such a thing.

    You may get a trigger happy junior tech who wants to have a peek at some teachers screen when they first see something like VNC in use. Secure it with passwords and such and wait till the tech is mature enough to handle the responsibility. I think in this day and age a policy is a good idea so that you have some protection should accusations start to fly. Most of us will have a simple understanding in place however, that says we ask before we view and assist.

    You can even edit remote desktop to allow unsolicited access if you wish with a few tweaks to GPO's as i have played with this on a test network.

    We tend to email the teacher or update the helpdesk requesting access at a certain time with their permission if we feel the job is quicker done this way. If the staff are unhappy with this there are no hard feelings and we will do it in person instead. Never had anyone say no yet.

    I understand the principle worrying about such access but i would explain that as an administrator i have full access to all of the files on the system at any time. Junior techs would obviously not have those same rights.

    (bet your principle is typing out the BSF plans to remove you all!! Load VNC quick!!!)

  2. #17

    Join Date
    Oct 2007
    Location
    Lincolnshire
    Posts
    133
    Thank Post
    0
    Thanked 22 Times in 22 Posts
    Rep Power
    18
    Do those of you using VNC have a unique password for each instance? If you don't there's a major security problem.

  3. #18

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,187
    Thank Post
    1,454
    Thanked 2,513 Times in 1,750 Posts
    Rep Power
    755
    If the 'sensitive document' is being saved onto the network, or even onto the teacher's school laptop, then our policies cover us to look at it anyway. The key is, only when it is deemed necessary. Perhaps a line in the AUP for technical staff to cover the use of remote viewing is needed, but that is about all.
    I am fairly shocked that a teacher appears to think that another member of the school - a techie - is likely to be randomly roaming about looking for things he shouldn't be. After all, any member of staff could go through another teachers locker or desk or whatever, but that doesn't immediately occur to them, does it?

  4. #19
    mpe
    mpe is online now

    Join Date
    Nov 2008
    Location
    Exeter
    Posts
    1,152
    Thank Post
    121
    Thanked 70 Times in 61 Posts
    Rep Power
    34
    Quote Originally Posted by Edu-IT View Post
    I imagine a lot of us have better things to be doing than going through peoples documents/looking at their machines.
    Unless they do something to draw attention.e.g. complaining about something "not working" or doing things they most definitly shouldn't be doing. (Possibly complaining about being unable to do something they shouldn't be attempting in the first place.)

  5. #20
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    Quote Originally Posted by ChrisH View Post
    I dont install on the office PCs. It's a pain but it means I get some much needed exercise every now and again!
    You can use RDP in then which you can easily tell because it locks their local screen.


    VNC also by default changes the system tray icon when someone connects unless you disable it.

  6. #21
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75
    Quote Originally Posted by witch View Post
    If the 'sensitive document' is being saved onto the network, or even onto the teacher's school laptop, then our policies cover us to look at it anyway. The key is, only when it is deemed necessary. Perhaps a line in the AUP for technical staff to cover the use of remote viewing is needed, but that is about all.
    I am fairly shocked that a teacher appears to think that another member of the school - a techie - is likely to be randomly roaming about looking for things he shouldn't be. After all, any member of staff could go through another teachers locker or desk or whatever, but that doesn't immediately occur to them, does it?

    I had a member of staff come in an try to drag me down to their room at the other end of school, I said we can view their desktop from here (as they were with me) so I did. They immediatly commented "Oh you can see my screen and my personal email". I replied well yes remote support is mentioned in the AUP that you of course read and signed and you really shouldn't be using personal email in work time on a public terminal if you're bothere about people seeing.


    @theriver
    The problem with VNC is that snooping without detection is possible.
    The problem is that almost all can be setup to allow this. Net Support, VNC, RRC, ABTutor and Dameware are ones we use and all can be setup this way. Dameware is specifically a bussiness tool with FIPS compliance and you can still do this.



    As for document access if your staff have DA rights then they can do everything, the only way around this is to have a third party company that sets up the system and doesn't give site staff DA access.
    Last edited by cookie_monster; 2nd December 2009 at 09:28 AM.

  7. #22

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,560
    Thank Post
    721
    Thanked 1,682 Times in 1,497 Posts
    Rep Power
    432
    You could use something like VNC One Click Free Tool instead so it's the user requesting the remote support from you, well on the admin/HT pc's anyway.

    Ben

  8. #23
    bmdixon's Avatar
    Join Date
    Apr 2008
    Location
    Birmingham
    Posts
    257
    Thank Post
    44
    Thanked 58 Times in 39 Posts
    Rep Power
    23
    Quote Originally Posted by theriver View Post
    The problem with VNC is that snooping without detection is possible
    We have access to all machines, but it prompts for mslogon credentials every time. It is also logged in the event viewer so you can see who looked, when, and for how long (by seeing the connection/disconnection times).
    There needs to be a trust of the IT Staff, i could if i wanted access any files anywhere on the network. I have better things to do and know that unless i have been asked/have good reason i shouldn't be accessing other peoples areas. Without trust we can't do our job efficiently!

  9. #24

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,962
    Thank Post
    1,208
    Thanked 1,074 Times in 765 Posts
    Rep Power
    332
    Quote Originally Posted by j17sparky View Post
    Do you have encrypted MyDocuments with a randomly generated backup password stored in a safe which you dont have access to? If not then whats to stop you looking through her documents folder, or even taking a copy of the whole lot and publishing it on the net (for arguements sake)?

    As said its a matter of trust, and thats one of the reasons IT professionals in industry are payed a wage which reflects this.
    I agree totally.

  10. #25
    stratisphere's Avatar
    Join Date
    Apr 2007
    Posts
    295
    Thank Post
    33
    Thanked 87 Times in 31 Posts
    Rep Power
    31
    To quote a rather awesome "Top 10 Tips ICT Support would like you to know" list, number 10 is:
    And finally, yes, I can read your email, I can see what web pages you look at while you are at work, yes, I can access every file on your work computer, and I can tell if you are chatting with people on an instant messenger or chat room (and can also read what you are typing). But no, I donít do it. Itís unethical, Iím busy, and in all reality you arenít all that interesting. So unless I am instructed to specifically monitor or investigate your actions, I donít. There really are much more interesting things on the internet than you.

  11. 2 Thanks to stratisphere:

    dalsoth (2nd December 2009), danrhodes (2nd December 2009)

  12. #26
    pinemarten's Avatar
    Join Date
    Dec 2005
    Posts
    232
    Thank Post
    23
    Thanked 24 Times in 16 Posts
    Rep Power
    28
    it really depends on the relationship between teaching/admin staff and tech support at your particular establishment -at some schools, the atmosphere is one of helping each other , learning together , using our expertise to resolve difficulties.

    at others, there may be an atmosphere of resentment and mistrust, which only deteriorates further once staff discover that their every move can be monitored - perhaps by the person they would least like to be doing the monitoring.

    it's all about power for some, you see - we have access to things that they don't, can control things that they don't understand, and can make them look foolish and incompetent in so many ways - if we choose to

  13. #27

    Join Date
    Apr 2006
    Posts
    390
    Thank Post
    23
    Thanked 95 Times in 61 Posts
    Rep Power
    45
    Quote Originally Posted by cookie_monster View Post
    The problem is that almost all can be setup to allow this. Net Support, VNC, RRC, ABTutor and Dameware are ones we use and all can be setup this way. Dameware is specifically a bussiness tool with FIPS compliance and you can still do this.
    Oops, I hadn't intended to imply that this was limited to VNC, sorry.

    We're in a position of trust, just as the finance people are trusted with money - and just as with finance I think there's two aspects to it:

    1) acting in a trustworthy and professional manner, and being seen to be doing so
    2) being prepared for when trust breaks down. By this I mean that although 99% of the time everything's fine, at some point there could be a situation where either a member of technical staff deliberately does something wrong, or an accusation is levelled at an innocent person.

    Admins don't have to have access to everything, it's quite possible to lock yourself out of a share - but letting yourself back in again leaves tracks, and that's your protection.....

  14. #28


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    Quote Originally Posted by theriver View Post
    ...but letting yourself back in again leaves tracks, and that's your protection.....

    Not if you know what you are doing it doesnt (or atleast on a standard windows setup ie one which 99.99% of schools will have).

    As i said the only way on a standard windows setup is with encrypted documents, and that still isnt perfect.

  15. #29
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,417
    Thank Post
    655
    Thanked 278 Times in 245 Posts
    Rep Power
    78
    Quote Originally Posted by keithu View Post
    Do those of you using VNC have a unique password for each instance? If you don't there's a major security problem.
    I've not used VNC for a while, but last time I did (it was the Ultra flavour) there was an option to tie it into the MS Logon Credentials, so if you are using VNC then this is probably the best option as then when your password changes so does the one for VNC and I'm pretty sure you can lock this down to Admins only too.

    Though this thread has raised a question for me now and I'll be looking into what protection there is for the NetSupport / iTalc implementations I have at schools. As has been said, why would I want to look at staff files unless they have asked me to or I have been directed to by SMT, but it's better to protect ones self too one thinks.

    Last edited by soveryapt; 2nd December 2009 at 11:57 AM. Reason: :)

  16. #30
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    877
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    36
    I generally just ring the person concerned and ask if it is ok that I remote into their machine.

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Ultra VNC vs Real VNC
    By rdk in forum Network and Classroom Management
    Replies: 12
    Last Post: 27th October 2010, 03:27 PM
  2. Technicians pay
    By Corky in forum Educational IT Jobs
    Replies: 29
    Last Post: 26th June 2009, 02:51 PM
  3. What do technicians do?
    By beeswax in forum General Chat
    Replies: 40
    Last Post: 19th July 2008, 08:22 PM
  4. Sharing Technicians
    By GrumbleDook in forum General Chat
    Replies: 13
    Last Post: 9th May 2006, 01:51 PM
  5. ICT Technicians
    By steve in forum Educational IT Jobs
    Replies: 0
    Last Post: 19th October 2005, 08:20 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •