Policy regarding accessing remote PCs

  • General discussion

  • What are the guidelines your company uses regarding accessing remote PCs? For example, is your helpdesk allowed to check WMI information without the user's consent? Can they access the C$ share and modify files?

    My company does not have a policy regarding this and I was just wondering if there is a standard.

    • Changed type Kevin Remde Wednesday, November 3, 2010 11:41 AM This is more of a discussion and a request for further suggestions.
    Tuesday, November 2, 2010 9:38 PM

All replies

  • I should think the standard would be that if it's a company-owned asset, then the policy is that the IT group should have full access to it. And if it's a person's own computer that they're using for work, then there should be an agreement that states that they will be trading their right to privacy for the need to be supported, should that need arise.

    Yes, this is definitely something that you should have in writing, approved by the business owners (or legal department), and made known to all employees.

    I'm interested in others' thoughts on this as well.


    Kevin Remde US IT Evangelism - Microsoft Corporation
    Wednesday, November 3, 2010 11:45 AM
  • Hey Cobra7,


    My thought on this is the following. Like Kevin, I strongly suggest getting whatever you decide put on paper.


    First, if you as an IT pro want to help your customers (the users), you need some basic rights, which is access to their PCs.

    You might decide that when you remotely take over their screen, you give the user the feeling that they are in control by first asking them through a pop-up box if it is OK to start a remote session.

    As for rights to see or check WMI information, it is crucial for the IT pro to assess the health of a PC. So I would argue that without this info workstation management is nonexistent.

    Would I give IT pros C$ access? Again, the same as WMI: most definitely. Will I accept an IT pro changing user content? NO. You could also argue why there is user content on a workstation. I would first suggest putting this user data centrally on a file share. If you look at a centrally managed model, you always see that admins have access to the users' data but are not allowed to change data.

    I don't know how big your IT department is, but I would not suggest giving everybody on the team access to data. See who really needs it and who does not. Just give away special rights like that to the admins that need it and are trustworthy enough. An IT pro a lot of times has a special trusted position in a company, so know who you trust. You won't give away domain admin rights to any IT pro, would you?


    I hope this helps in developing a good policy for both end users and administrators.

    Follow me on Twitter (RickSlager) for updates about all latest news from Microsoft
    Thursday, November 4, 2010 8:42 PM
  • It is my understanding that assets owned by the company are (legally) assumed to be accessible by the company. There is no doubt that written company policies that EXPLICITLY inform an employee are most appropriate. It is also my understanding that, generally, personal laptops (used at work) are considered PRIVATE without direct disclosure (written is always better) to the employee.

    I am not an attorney (so take it that way) but am sharing my "understanding or interpretation". Essentially, I believe that a court will examine what a "reasonable" employee would "expect" in relation to privacy. I think a reasonable employee expects their personal hardware to be private. However, a company should then be explicit about the use of personal hardware at work. It may be banned (company secrets could easily be transferred to personal hardware).  It may be allowed with access restrictions, or only if the expectation of privacy is released. 

    Most companies (that I am aware of) go out of their way to make clear what an employee "should expect". For example, company Email is NOT typically considered private, but it's always best to directly inform employees not to expect company Email to be private.

    Additionally, with access to shares of client PCs, I don't know how mission-critical files could be backed up, or, as others noted, how the general health of hardware could be determined. So, I think most companies lean towards IT having full access to all hardware allowed within their network.

    Friday, November 5, 2010 6:51 PM
  • I will support everybody above by adding that

    you are pretty much entitled to do whatever TrevorW, Rick and Kevin said above,

    as long as it is not a privately owned asset and/or you have to let everybody know of your intention before anything.

    Letting them know what you are going to do will lawfully give you the right as long as they are using your company network resources.


    I hope this helps

    Friday, November 5, 2010 9:02 PM