IT Employment

General discussion


department wants a generic signon

By www network nazi ·
I am constantly being asked to create a single network signon for use with shared computers in our company. For example, a signon called "shipping" for anyone in the shipping dept to use on the computer they all share. I always demand that each employee have their own signon and that they logon and off each time they use the computer. Has anyone compiled a list of reasons why this is best practice and can someone state the Sarbanes-Oxley type laws that would demand this of a publicly held company?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

there's a place for these

by Dr Dij In reply to department wants a generi ...

if what they can do with that login is very limited. for example on our plant floor, we leave a few PCs logged into time tracking app, and the assemblers / machine operators scan their employee badge and the barcode for the job step they're spending time on.

if said login can do anything that needs to be traceable, e.g. who rec'd these goods, that you now find are missing/damaged/miscounted, etc you need to have personal accountability.

including browsing the internet. we log sites and track them back to workstations to prevent users from wasting time and browsing to sites unrelated to work and potentially dangerous e.g. viruses from porn sites, etc.

Collapse -

Very simple

by Tony Hopkinson In reply to department wants a generi ...

There are only two ways to maintain a departmental password.
You never change it, or you have to find some way of communicating the change round the entire department.
Back in the bad old days I worked on system who did point 2. They used to write it on a bit of paper and stick it next to the terminal.
The third and potentially much more critical point from my point of view in terms of data collection, your system will have no idea who did what. So now you've no security and no audit trail, why bother with a password at all?
When we introduced single sign on's everybody said the job would stop, it didn't.

Collapse -

In addition to DD and TH

by stress junkie In reply to department wants a generi ...

I would say that the first consideration is that this is a matter of policy and that makes it a management issue. A manager should make this decision, not a system support technician. Oops. I mean system support engineer. Hey I do the same work. I call myself a technician unless I'm talking to a pretty female.

Collapse -

Similar Situation

by rkuhn In reply to department wants a generi ...

We have a similar situation with our 20+ remote sites.

Most only have 128k ISDN (construction sites...that's usually all that is available).

Therefore, they aren't on our domain...not realistic with that kind of connection.

They logon locally with one sign on. After that though, all other software requires individual sign ons such as Citrix, ERP software, sales website, etc.

Sort of a hybrid model.

Related Discussions

Related Forums