A department really has no authority to write their own "AUP" and neither would the type of agreement proposed below be appropriate. In the case that a user is having problems with their machine, they may give permission for you to access appropriate logs, settings, etc; however, browsing through their private files, emails, etc is strictly prohibited and would be a violation of the AUP. It is, however, very appropriate for a department (or other unit) to issue a statement of policy concerning compliance with the AUP. For instance, a departmental chair (as the local system sponsor) may ban office personnel from using "chat" during business hours, because they are chatting rather than doing their jobs. That doesn't mean, however, that the IT staff can go in and search folders to see if a user has inappropriate files without proper authorization. There may be certain specifications (for business reasons) put on office computers, for example it may be required that each computer have an antivirus program set to automatically update, have a firewall in place, be set for an automatic Windows update, etc. In the case of faculty computers however, it is very likely that the faculty member is the system sponsor (ie: purchased their computer from grant money, etc) in which case they hold that particular authority, not the department. That faculty member may request that their computer be set up to be accessed remotely or they may be asked if they will allow it, but it is inappropriate for IT to force the matter on them. Guidelines and/or suggestions, will go a long ways toward remedying this situation. As far as desktop administration software, it does have legitimate uses and in and of itself is not a violation of the AUP. In many cases, I don't think that it is being used as it should be, but that is because of what is being done with it, not because of the application itself. When it comes down to it, IT support and proper usage is a matter of integrety more than anything else. If you have any questions about this or any other AUP matter, please feel free to call me and I will be happy to answer any questions you might have. ~~~~~~~~~~~~~~ Randall J. Hall MSU Network Acceptable Use Compliance Academic Computing and Network Services 409 Computer Center Michigan State University East Lansing, MI 48824 (517) 432-5340 [log in to unmask] _____ From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Peter Cole Sent: Wednesday, March 30, 2005 9:29 AM To: [log in to unmask] Subject: Re: [MSUNAG] Virtual Network Computing What happens if we wish to write a departmental AUP of sorts? Well, more like a signed "computer support agreement" between the user and the IT staffed that, for example, stated (paraphrased), "I the user give the IT staff of Department X permission to view any and all system logs at their leisure." Would this written and signed permission then satisfy the AUP requirements? - Peter -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]]On Behalf Of Linda Losik Sent: Tuesday, March 29, 2005 4:43 PM To: [log in to unmask] Subject: Re: [MSUNAG] Virtual Network Computing As a member of the AUP rewrite committee, here are some thoughts. If the end user agrees to allow you to access the desktop, you will be able to access the desktop and only the desktop. You can only access what you are given permission to access, and only enough that will allow the current technical issue to be resolved. And you cannot access anything else without the user's permission. This means that the user should not have to look for the color change from blue to green. The user should know immediately when IT logs on and logs off. The user should be able to terminate the process at any time. Under the current AUP and upcoming Statement of Acceptable Use, accessing private files, emails, logs, etc. are still inaccessible to IT. The only time IT is allowed to access systems logs and/or files is either having written approval from the Vice-Provost or by responding to a search warrant. The right to privacy is still paramount within both documents. For troubleshooting, the process has been described as "peeling an onion" on order to preserve privacy. I would have real concerns as to whether this app is approved by either the AUP or the SAU. Perhaps others of the rewrite committee would care to address this as well Linda Losik Health Information Technology _____ From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard Sent: Tuesday, March 29, 2005 3:47 PM To: [log in to unmask] Subject: Re: [MSUNAG] Virtual Network Computing Troy, Thanks for the reply. In the email that was sent out describing UltraVNC and what it does, the staffer who wrote the email used screen captures of both the features that you mention, the pop-up permission window and the system tray icon changing from blue to green. Okay, so there's at least one department that uses VNC. Any others? Anyone want to address whether or not VNC is legal under the AUP? And what about the privacy issue? Anyone care to make an interpretation of the AUP on where the IT admin's responsibilities end and the users rights begin at the workstation? Jesse Howard _______________________ IT Administrator Michigan State University Press [log in to unmask] www.msupress.msu.edu -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]]On Behalf Of Samone E. Jones Sent: Tuesday, March 29, 2005 3:34 PM To: [log in to unmask] Subject: Re: [MSUNAG] Virtual Network Computing Years ago when I used PCAnywhere for the same purpose, we had the same issue. PCAnywhere had a visual indicator - I think it was a little pc that turned green when someone else connected to the machine. So to soothe the users that were leery, we taught them how to identify when one of the IT staff were connected to the PC by using the visual indicator in the task bar. My point is maybe UltraVNC has a visual indicator like PCAnywhere - I think that would be a good way to get the users to put their guards down. SJ Samone E. Jones Information Technologist Family Consumer Sciences Phone: 517.432.4552 Email: [log in to unmask] -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard Sent: Tuesday, March 29, 2005 2:10 PM To: [log in to unmask] Subject: [MSUNAG] Virtual Network Computing I want to start using UltraVNC in our office domain, for tech support and helpdesk purposes at the workstation level. A few of our users have gotten the idea that we are going to use it to spy on them, and look at their email. It's become a bit of a PR problem for the IT Admin staff. So I am wondering, is it legal to use software like this at MSU, under the AUP? If so, who here is using it? Have you run into issues with users like this, where they interpret something you are doing as an attack on their privacy? If so, how did you handle it? We have sent out an email describing the software, what it does, and the fact that we won't use it without their permission. It doesn't seem to have helped much. Any ideas? Jesse Howard _______________________ IT Administrator Michigan State University Press [log in to unmask] www.msupress.msu.edu