A department really has no authority to write their own “AUP” and neither would the type of agreement proposed below be appropriate. In the case that a user is having problems with their machine, they may give permission for you to access appropriate logs, settings, etc; however, browsing through their private files, emails, etc is strictly prohibited and would be a violation of the AUP. It is, however, very appropriate for a department (or other unit) to issue a statement of policy concerning compliance with the AUP. For instance, a departmental chair (as the local system sponsor) may ban office personnel from using “chat” during business hours, because they are chatting rather than doing their jobs. That doesn’t mean, however, that the IT staff can go in and search folders to see if a user has inappropriate files without proper authorization.

There may be certain specifications (for business reasons) put on office computers, for example it may be required that each computer have an antivirus program set to automatically update, have a firewall in place, be set for an automatic Windows update, etc. In the case of faculty computers however, it is very likely that the faculty member is the system sponsor (ie: purchased their computer from grant money, etc) in which case they hold that particular authority, not the department. That faculty member may request that their computer be set up to be accessed remotely or they may be asked if they will allow it, but it is inappropriate for IT to force the matter on them. Guidelines and/or suggestions, will go a long ways toward remedying this situation.  

-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]]On Behalf Of Linda Losik
Sent: Tuesday, March 29, 2005 4:43 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Virtual Network Computing

As a member of the AUP rewrite committee, here are some thoughts.

 

If the end user agrees to allow you to access the desktop, you will be able to access the desktop and only the desktop. You can only access what you are given permission to access, and only enough that will allow the current technical issue to be resolved. And you cannot access anything else without the user’s permission.  This means that the user should not have to look for the color change from blue to green.  The user should know immediately when IT logs on and logs off.  The user should be able to terminate the process at any time.

 

Under the current AUP and upcoming Statement of Acceptable Use, accessing private files, emails, logs, etc. are still inaccessible to IT.  The only time IT is allowed to access systems logs and/or files is either having written approval from the Vice-Provost or by responding to a search warrant.  The right to privacy is still paramount within both documents.  For troubleshooting, the process has been described as “peeling an onion” on order to preserve privacy.  

 

I would have real concerns as to whether this app is approved by either the AUP or the SAU.  Perhaps others of the rewrite committee would care to address this as well

 

Linda Losik

Health Information Technology

 

---

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard
Sent: Tuesday, March 29, 2005 3:47 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Virtual Network Computing

 

Troy,

Thanks for the reply. In the email that was sent out describing UltraVNC and what it does, the staffer who wrote the email used screen captures of both the features that you mention, the pop-up permission window and the system tray icon changing from blue to green.

Okay, so there's at least one department that uses VNC. Any others? Anyone want to address whether or not VNC is legal under the AUP?

And what about the privacy issue? Anyone care to make an interpretation of the AUP on where the IT admin's responsibilities end and the users rights begin at the workstation?

Jesse Howard
_______________________

IT Administrator
Michigan State University Press
[log in to unmask]
www.msupress.msu.edu

-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]]On Behalf Of Samone E. Jones
Sent: Tuesday, March 29, 2005 3:34 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Virtual Network Computing

Years ago when I used PCAnywhere for the same purpose, we had the same issue.

PCAnywhere had a visual indicator - I think it was a little pc that turned green when someone

else connected to the machine. So to soothe the users that were leery, we taught them how to identify when

one of the IT staff were connected to the PC by using the visual indicator in the task bar.

 

My point is maybe UltraVNC has a visual indicator like PCAnywhere - I think that would be a good way to get the

users to put their guards down.

 

SJ

 

 

Samone E. Jones

Information Technologist

Family Consumer Sciences

Phone: 517.432.4552

Email: [log in to unmask]

-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard
Sent: Tuesday, March 29, 2005 2:10 PM
To: [log in to unmask]
Subject: [MSUNAG] Virtual Network Computing

I want to start using UltraVNC in our office domain, for tech support and helpdesk purposes at the workstation level. A few of our users have gotten the idea that we are going to use it to spy on them, and look at their email. It's become a bit of a PR problem for the IT Admin staff.

So I am wondering, is it legal to use software like this at MSU, under the AUP? If so, who here is using it? Have you run into issues with users like this, where they interpret something you are doing as an attack on their privacy? If so, how did you handle it? We have sent out an email describing the software, what it does, and the fact that we won't use it without their permission. It doesn't seem to have helped much.

Any ideas?

 

Jesse Howard
_______________________

IT Administrator
Michigan State University Press
[log in to unmask]
www.msupress.msu.edu