Re: Impersonation/Shadowing and Data Security

[Louis APONTE <LouisAponte () WEBER EDU>]

Impersonation and shadowing request are vocalizations of the ability to
view what the user is viewing.
I would recommend using a remote assistance program which fulfills the
request, adds a provision for permission to be granted and mitigates
access risk.
Windows 7 has an excellent remote assistance feature, however our
service desk currently uses a third party utility by NTR support.
Basically, it is platform independent so more suited for our
environment. I would remind you that the privileged user can be more
damaging to the enterprise, by virtue of those privileges.
We also use the student limited user accounts, but to do otherwise is
too risky 
 

 
 
Louis Aponte

Weber State University
Enterprise Business Computing 
Desktop Security
 
þ Please consider the environment before printing this e-mail!

 
> > > On 2/13/2012 at 11:06 AM, in message
<6EE90EA87D4BAB47AAE40DAA1C4F03888F5F6C573B () V-EXCH01 gold ad bentley edu>,
"Norman, David" <DNORMAN () BENTLEY EDU> wrote:


All,
 
We have a request to provide a student impersonation/shadowing
capability for university staff in several offices as a means of “seeing
what they see” when a student or applicant calls with a question about
our student portal.  This capability would allow staff to log in as the
student and troubleshoot, with access to all personal student data on
the system.  I was curious if other schools have implemented anything
like this in their student portals, and what additional data
security/auditing measures might have been taken.
 
Thanks
 
David 
 
David Norman Director of Administrative Computing, Bentley University