Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Management and User Consequences?

Posted by ryuzaki0 on from the battle-between-adminis-and-computer-saavy-users dept.

NNWizard asks: "I work in a large university in Belgium where the people in charge of university computer systems want to install LANDesk on every single computer connecting to the university network. The aim is to be able to manage software and provide centralized remote user support. In the old days, every department had computer guys dedicated to the department, and they knew all about the users and their needs. Now, they want to make the management of computer resources global. In most non-engineering faculties this is well accepted, however in the Applied Sciences Faculty the users are computer savvy -- they do not like the idea of giving out control of their computers to people they don't know. What experience does Slashdot have with such a situation? Was the deployment of LANDesk (or a similar software package) a good or a bad thing for the users? How were the privacy issues tackled? Were people still able to use their computers the way they wanted to use them?"

5 of 139 comments (clear)

  1. At my company... by parasonic · · Score: 5, Interesting

    We simply use the freeware version of RealVNC. When employees first join, they have to give up rights to "privacy" for the I.T. people. We respect official business, but unless it's someone high up in the company is working on some sensitive information, we typically assert our authority as our workers should only be working on official business.

    If you are concerned about privacy, I'd look into something simple like VNC if you have the management software to know who's using what computer when. It works VERY well with us and is very versatile--I can't tell you how many times it has saved our butts from having to drive 300 miles when we just put a VNC connection over an SSH tunnel at a remote jobsite.

  2. I don't think so.... by jipis · · Score: 5, Interesting

    I gotta say: As an admin, I enjoy having the ability to remotely see what's going on on my machines. If they're users' desktops, it's much easier to just get a view of their screen (think PC-Anywhere) than to keep asking them what they see now only to get half answers and useless replies.

    That having been said, what the university wants to do is 1) completely different and b) a Very Bad Thing. In my case, *I* am the admin and the machines are *MINE* . The university is looking to force anyone who wants to use its network to give them root on their machines? Puh-lease. It's time for departments who don't want to lose control of their PCs at this university to start looking for an outside ISP. Chances are there's already money in the budget for it: they probably kick in to the general IT infrastructure budget already.

    -J

  3. Seems alright to me by BobPaul · · Score: 4, Interesting

    I don't have any experience with LanDesk, but I think remote management/remote control software in general isn't so bad. If it's just remote control, that really isn't any big deal and comes in quite handy if you ever do have to call them for help.

    If they completely lock down the machines and take away your admin privilges, well that's life and it can be good or bad. Most often this is only a problem if need to install software and once this has been deployed for a short time and things are running more smoothly again this, too, should be relatively painless; just call or send an e-mail and someone can type in the password and install it. This kinda depends on the strength of your IT department, though. When I was in highschool the instructors machines were secured tightly and there wasn't enough staff to assist in installing software, preventing teachers from getting work done occasionaly. That was an extreme case, though (1 guy, hired as the Video Productions instructor, doing IT for the whole building...) I would expect that in your case it shouldn't be too painful.

    As a disclaimer, I am an IT guy and our engineering college at the university has it's own IT group that engineering student fees pay for. I know our professors (and students) were less happy when IT was managed by the main campus group; we're more responsive and less politically hampered.

  4. HIPPA and Remote Control by GJSchaller · · Score: 4, Interesting

    Something to consider that may not directly apply here, but will in related fields, is the legality of a non-authorized person having access to data, even though they administer a system. Specificaly, it is against HIPPA regulations for someone to look at medical records without permission or need for their job. For example, an IT guy would not be allowed to look at a medical record on someone's screen, if, say, they remoted in (or walked by, or had network access to a share).

    This is a tough line. Someone other than the authorized personnel needs access to the files to be able to do the techie admin stuff. At the same time, they should not be looking stuff up, as it's illegal and an invasion of privacy. The whole thing of "Who's PC is it, ITs or the User's" adds another party, the person profiled in the data on that system. (Usually, it's the employer's PC, but that doesn't stop users, esp. ones with Dr. sized egos, from feeling & acting otherwise.)

    I've worked in a hospital using Seagate / Funk Software Proxy. We had it set so that we could remote to a desktop, but the user had to grant permission to see the screen. Usually, this resulted in a decent situaton and an understanding - the user would clear all sensitive data from the screen before accepting, and if they got surley and decided not to accept, they got pushed to the bottom of the priority list (and they knew it). In return, the IT staff didn't abuse this ability, and for the most part would rather read slashdot than check out someone's PC. ;-)

  5. Re:They're full of crap by Anonymous Coward · · Score: 3, Interesting

    People who think they know about computers fuck things up. It does not matter where they work. I've seen people in IT royally Fuck up, because they only thought they knew. People who know about computers know not to patch so and so server or workstation to a certain level because some app breaks. I kept 150+ Windows workstations running because I kept notes.

    You don't always need the Service pack to be securely patched. You need to know what is a critical patch and what is just a bug fix that might fubar a server. Just because Windows update tells you to patch doesn't mean you patch blindly. Firewalls, real hardware ones, not just software ones, are essential in this case.

    You have to test your patches and need to know which ones you can back out of. You need to be able to re-image the machine back to its original state if you fubar a patch. Imagecast and ghost are great for these. You need to know what tools are available to you. I work in a small group under a slightly larger group that dictate the rules, but most of their windows admins don't know how to use the Windows resource kits or script things. They don't come from a unix world, so they all drag and drop. I do both Unix and Windows, so I know how to patch, compile, script, and program on both systems. I started as a programmer.

    You need to know which apps require admin priveleges and how to set them up so users can still use them without giving them full access to fubar things. Filemon and Regmon from systernals are quite usefull for that. I also admin unix and unix users should not have or need any Admin priveleges to do their work. Unfortunately, in the Windows world, you have to do a lot more work to get Apps to work properly in user space. A lot of Windows programmers just don't know how to program for users. Many just set up their box and run as an Admin and forget about users, so they write all these broken apps that work Only for admins. Windows makes it a complete PITA to properly write apps for user space.

    Visual Studio is just broken. I can't believe the number of people who waste time and use the IDE to build their entire projects instead of doing it 5-10 times faster by exporting it to a make file and run nmake. Yes Visual Studio can do Make files. Windows people are stuck to the GUI. It's a crutch. They like watching a useless GUI display things slowly. There's so many things on windows that can be done quicker and easier on the command line, unix style. You can compile faster. The IDE is a crutch. I can't believe so many users are using eclipse on Windows, an utter waste of CPU and RAM on both Unix and Windows. Eclipse just doesn't play nicely in Windows user space. I install it in c:\temp with full user control so users can clobber each other's work. If I had a choice I'd force them back to the command line.

    Good admins don't come to fubar your machine just because it needs patching. They track the patches and install ones that work. They know which patches break things because they've tested them. The problem with Windows is that most MSCE certificates are only good for toilet paper. I don't put my faith on paper admins.

    A good admin has some scripting and/or programming experience, a more common trait in the unix world than in the windows world. It's amazing how many MCSE's don't bother to learn either batch file scripting or VB. Both are as usefull as unix shell scripting. Windows only needs ssh to be able to match unix in ease of admining. Terminal Server is just a hog at times. It would be nice to have an ssh server always turned on instead of doing things in a round-about way when you wish to remotely script things on several machines securely.