 |
 |
At 10:39 AM 3/30/2005, Randall J. Hall wrote: >A department really has no authority to write their own “AUP” and neither would the type of agreement proposed below be appropriate. What you are saying contradicts the discussion here several years ago and also contradicts the draft document http://www.msu.edu/~ncc/Documents/SysOp/SysopD10.pdf It specifically says that each system may have its own AUP, which may provide fewer privacy rights to users of that system than would be provided by the University AUP. My understanding is that the type of agreement proposed below would be entirely acceptable. The only requirement is that it be "aggressively advertised to users of the system". >In the case that a user is having problems with their machine, they may give permission for you to access appropriate logs, settings, etc; however, browsing through their private files, emails, etc is strictly prohibited and would be a violation of the AUP. It is, however, very appropriate for a department (or other unit) to issue a statement of policy concerning compliance with the AUP. For instance, a departmental chair (as the local system sponsor) may ban office personnel from using “chat” during business hours, because they are chatting rather than doing their jobs. That doesn’t mean, however, that the IT staff can go in and search folders to see if a user has inappropriate files without proper authorization. > >There may be certain specifications (for business reasons) put on office computers, for example it may be required that each computer have an antivirus program set to automatically update, have a firewall in place, be set for an automatic Windows update, etc. In the case of faculty computers however, it is very likely that the faculty member is the system sponsor (ie: purchased their computer from grant money, etc) in which case they hold that particular authority, not the department. That faculty member may request that their computer be set up to be accessed remotely or they may be asked if they will allow it, but it is inappropriate for IT to force the matter on them. Guidelines and/or suggestions, will go a long ways toward remedying this situation. > >As far as desktop administration software, it does have legitimate uses and in and of itself is not a violation of the AUP. In many cases, I don’t think that it is being used as it should be, but that is because of what is being done with it, not because of the application itself. When it comes down to it, IT support and proper usage is a matter of integrety more than anything else. > >If you have any questions about this or any other AUP matter, please feel free to call me and I will be happy to answer any questions you might have. > >~~~~~~~~~~~~~~ >Randall J. Hall >MSU Network Acceptable Use Compliance >Academic Computing and Network Services >409 Computer Center >Michigan State University >East Lansing, MI 48824 >(517) 432-5340 ><mailto:[log in to unmask]>[log in to unmask] > > >From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Peter Cole >Sent: Wednesday, March 30, 2005 9:29 AM >To: [log in to unmask] >Subject: Re: [MSUNAG] Virtual Network Computing > >What happens if we wish to write a departmental AUP of sorts? Well, more like a signed "computer support agreement" between the user and the IT staffed that, for example, stated (paraphrased), "I the user give the IT staff of Department X permission to view any and all system logs at their leisure." Would this written and signed permission then satisfy the AUP requirements? > >- Peter --Chris ============================================== Chris Wolf Computer Service Manager Agricultural Economics [log in to unmask] Michigan State University 517 353-5017