You can only access what you are given permission to access. Yes, the logs are private. Example: IT cannot go to IE to read the history of what web sites were accessed by the user without a search warrant or permission from the Vice Provost. Please read the AUP at http://www.msu.edu/au/. The section entitled: IV. Good Citizenship in "Cyberspace" should answer questions that you have raised privacy. There is also another document that might assist in some definitions. http://www.msu.edu/~ncc/Documents/SysOp/SysopD10.pdf This is the proposed system administrator's guide that is also under review and will, hopefully, be shorter than the current version. This guide is just a discussion document and is not official policy but it does reflect the current AUP and the definitions used within the AUP. I am concerned because I can see possibilities of possible misuse. -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Michael Surato Sent: Tuesday, March 29, 2005 5:10 PM To: [log in to unmask] Subject: Re: [MSUNAG] Virtual Network Computing Hi, Perhaps some clarification would help. Are you stating that this software is in violation of the AUP because it does not ask the user before beginning? If it does ask the user permission, is it still in violation if the user then uses it to access the logs or any other item besides the desktop? What is a private log? Are the system logs private? If so, on which systems (i.e. are domain controllers considered "private" systems, and thus the logs are inaccessible)? The biggest concern I see in the AUP is the idea of private information. That is to say, the delineation of public/accessible information and private/inaccessible information creates several headaches for IT. Especially if logs are included in the area of "private" information. +-------------------------------------------+ | Michael Surato | | Resource Center for Persons | | with Disabilities | | Michigan State University | | 120 Bessey Hall | | East Lansing, MI 48824 | | Voice: (517) 353-9643 Fax: (517) 432-3191 | +-------------------------------------------+ ________________________________ From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Linda Losik Sent: Tuesday, March 29, 2005 4:43 PM To: [log in to unmask] Subject: Re: [MSUNAG] Virtual Network Computing As a member of the AUP rewrite committee, here are some thoughts. If the end user agrees to allow you to access the desktop, you will be able to access the desktop and only the desktop. You can only access what you are given permission to access, and only enough that will allow the current technical issue to be resolved. And you cannot access anything else without the user's permission. This means that the user should not have to look for the color change from blue to green. The user should know immediately when IT logs on and logs off. The user should be able to terminate the process at any time. Under the current AUP and upcoming Statement of Acceptable Use, accessing private files, emails, logs, etc. are still inaccessible to IT. The only time IT is allowed to access systems logs and/or files is either having written approval from the Vice-Provost or by responding to a search warrant. The right to privacy is still paramount within both documents. For troubleshooting, the process has been described as "peeling an onion" on order to preserve privacy. I would have real concerns as to whether this app is approved by either the AUP or the SAU. Perhaps others of the rewrite committee would care to address this as well Linda Losik Health Information Technology ________________________________ From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard Sent: Tuesday, March 29, 2005 3:47 PM To: [log in to unmask] Subject: Re: [MSUNAG] Virtual Network Computing Troy, Thanks for the reply. In the email that was sent out describing UltraVNC and what it does, the staffer who wrote the email used screen captures of both the features that you mention, the pop-up permission window and the system tray icon changing from blue to green. Okay, so there's at least one department that uses VNC. Any others? Anyone want to address whether or not VNC is legal under the AUP? And what about the privacy issue? Anyone care to make an interpretation of the AUP on where the IT admin's responsibilities end and the users rights begin at the workstation? Jesse Howard _______________________ IT Administrator Michigan State University Press [log in to unmask] www.msupress.msu.edu -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]]On Behalf Of Samone E. Jones Sent: Tuesday, March 29, 2005 3:34 PM To: [log in to unmask] Subject: Re: [MSUNAG] Virtual Network Computing Years ago when I used PCAnywhere for the same purpose, we had the same issue. PCAnywhere had a visual indicator - I think it was a little pc that turned green when someone else connected to the machine. So to soothe the users that were leery, we taught them how to identify when one of the IT staff were connected to the PC by using the visual indicator in the task bar. My point is maybe UltraVNC has a visual indicator like PCAnywhere - I think that would be a good way to get the users to put their guards down. SJ Samone E. Jones Information Technologist Family Consumer Sciences Phone: 517.432.4552 Email: [log in to unmask] -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard Sent: Tuesday, March 29, 2005 2:10 PM To: [log in to unmask] Subject: [MSUNAG] Virtual Network Computing I want to start using UltraVNC in our office domain, for tech support and helpdesk purposes at the workstation level. A few of our users have gotten the idea that we are going to use it to spy on them, and look at their email. It's become a bit of a PR problem for the IT Admin staff. So I am wondering, is it legal to use software like this at MSU, under the AUP? If so, who here is using it? Have you run into issues with users like this, where they interpret something you are doing as an attack on their privacy? If so, how did you handle it? We have sent out an email describing the software, what it does, and the fact that we won't use it without their permission. It doesn't seem to have helped much. Any ideas? Jesse Howard _______________________ IT Administrator Michigan State University Press [log in to unmask] www.msupress.msu.edu