General discussion

  • Creator
    Topic
  • #2175716

    Search Employee Computers

    Locked

    by tsert ·

    I am the network administrator for a small business. Most of our employees use laptops so I cannot monitor their activities, but I do updates and preventative maintenance. At the time when I am updating I take a look around the documents and settings folder and view there history just to make sure there is no undesirable data or websites visited. I know there is another way to check hidden files in DOS but I was wondering if there was some way to search and view websites and cached items (mainly pictures) all in one program instead of searching through docs and settings folders until I see a file name that flags my attention? can anyone help this would reduce my time dramatically.

    Thank you in advance for your responses

All Comments

  • Author
    Replies
    • #3234093

      website checks

      by bhunsinger ·

      In reply to Search Employee Computers

      go to the :\Documents and Settings\USER\Local Settings\Temporary Internet Files and open the files in there, dirty pictures will jump out at you if you have Microsoft pictures on the machine, or any thumbnail picture program.

      • #3246777

        Software Solution – Maybe

        by dennis.rhine ·

        In reply to website checks

        My first question would be one that has been asked by others – what is the official company policy regarding this. In my company we have a policy that states that a user has no expectation of privacy and that their computer can be checked at any time. Fair enough – so long as it is the policy.

        If there is no policy then I wouldn’t spend the time looking for what websites a user had cruised to.

        If there is a policy then I would recommend a software program that tracks this for you. We use one called ActMon and it can track web useage, Internet chat, applications used, etc. We set it to only track Internet based uses. it generates a realtively small HTML file and can even zip these up to save space, save them to a network share, or email them automatically on a schedule.

        • #3244066

          Index Dat Viewer

          by ka4nmx ·

          In reply to Software Solution – Maybe

          Do a Google search for Index.dat Viewer. A free index reader that will get all kinds of info quick and eaisly. I use it almost daily.

        • #3262579

          Company Policy and WMI

          by spamsux2 ·

          In reply to Software Solution – Maybe

          Dennis is absolutely correct. Without a properly written policy, you don’t have a leg to stand on.

          Once you’ve got a policy in place, you can begin searching out what you’re looking for. Given that, if you are working in a M$ shop, with a little coding in WMI you can interrogate systems for cache info, file types, etc… Additionally, with WMI you can copy, delete or remove the files to a server automatically when they log on to the lan without them ever knowing.

          If you aren’t up for coding, AuditWizard (www.auditwizard.com)is a nice, affordable software package that will interrogate the systems for the basics and can run searches on remote systems for different file types. Also, the reporting tools can help you out with obtaining your numbers for licensing and finding restricted apps that the user has installed.

      • #3248650

        No Expectation of Privacy – Check this out..

        by bubba ·

        In reply to website checks

        I dont know what the laws are in your state, but in Florida a business can make a policy that states there is no expectation of Privacy. That means if its on the work computer or work email – they CANNOT expect that it is PRIVATE.

        I am a Network Analyst II for a huge hospital in Florida. I work closely with our Data Security department in monitoring Internet usage (ISA Server and GFI monitor)… if I see abnormal habits I search the hard drive for non-business software or inappropriate materials. If I catch someone going to Adult sites, Chat sites, Dating sites or surfing while they are suppose to be working I turn them into Data Security with the evidence. So far, 3 individuals in the last 90 days have been terminated because of it. Am I sorry? NOT ONE BIT! These people are surfing or doing NON-Business related activity while our patients could be neglected.

        If I see someone surfing more than what I would consider appropriate I turn them in. They are employed by the hospital to do a job – in one way or another that job means PATIENT CARE. Am I a hard A**? Why YES I AM! I have a job to do and that is to protect the hospital and its patients. If one of those bonehead users downloads a virus they place ALL our systems in jeopardy. Dont think this doesnt include DOCTORS! I have turned in two doctors for inappropriate web surfing habits to Data Security. The Data Security Officer went to the Medical Chief of Staff, both of those doctors were given a very point blank warning about those habits.

        Our CIO put it this way “These folks are treating the hospitals computers as “Extensions” of their HOME computers, this is unacceptable”. Webshots, Gator and all that crap do nothing but put the systems in jeopardy. I will continue to do my job and if it means someone getting fired….please, let me hold the door 🙂

        Jim S.
        Florida

        • #3248521

          Damn right!

          by dave ·

          In reply to No Expectation of Privacy – Check this out..

          Jim,

          We need more people like you!

          I got fed up with all the whiners complaining about their rights to this, that and the other.

          Staff should not use their work computers for activities they can do at home..

          Plus if a virus did appear on the network and work was lost/network went down or some other problem just who would get the blame?

          The IT department would!

        • #3248454

          Absolutelydootely

          by alanchcc2000 ·

          In reply to Damn right!

          We the invisible blamed by the many for their screw ups
          Come the revolution……………

        • #3245942

          Kudos to you Jim..

          by technicallyright ·

          In reply to No Expectation of Privacy – Check this out..

          I agree with your stance and attitude 100%. People need to take responsibility for their actions and if you have admin support (which is rare) it makes your life that much easier!

        • #3261216

          “Atta Boy

          by eric_s9 ·

          In reply to No Expectation of Privacy – Check this out..

          I am with you %100. If the device (laptop, desktop, etc.) isn’t yours, meaninbg that you bought and paid for it yourself, it isn?t YOURS. It is the companies and you have no expectation of privacy and/or exclusivity. If you use the device improperly (contrary to the rules your employer sets out) you can expect disciplinary action, or dismissal!

        • #3062719

          Are you someone who know everything ?

          by 3xp3rt ·

          In reply to No Expectation of Privacy – Check this out..

          How do you know how many time take for obtaining a usefully information for somebody?s job. This article you put to this site from home or from job?
          It?s possible for a doctor to search some information in internet for saving a live, he find a lot of information and need to navigate for consult all.
          It?s a possibility even this.

    • #3234069

      Can I have your name and the name of your company?

      by dc_guy ·

      In reply to Search Employee Computers

      I don’t ever want to do business with either of you.

      • #3339253

        Ethics?

        by jdclyde ·

        In reply to Can I have your name and the name of your company?

        We don’t need no stinken ethics…

        People like this make the rest of us look bad.

        Are you sure your not just trying to find where all the good porn sites are?

        Does YOUR boss know that you are behaving in such an unethical behaviour? Does his boss? How many people will come to you for support if they know you are trying to get them busted for something that you don’t seem able to control?

        • #3340725

          Not an ethical/non-ethical type thing – its his job

          by tomsal ·

          In reply to Ethics?

          This situation isn’t one of being unethical, a little over the top for my tastes to just do these searches without anything to amount to probable cause, but its not unethical. It sounds like someone is doing their job to me.

          In my other post I explain, but basically we also scan computers here for everything really.. Could be spam, viruses, undesirable emails/documents, “dirty” pictures, etc.

          I consider myself a very ethical and moral person with good values and I believe in you treat people fairly and honestly. But I have done these searches myself. Granted I’ve had reason and it was targetted at a specific invidual after we had reason to suspect something was going on. Nonetheless, I’ve done them.

          What’s more is I’m completely honest with users. I flat out tell them what we do. That we monitor activities on the network and suspicous users will cause us to wad through their computer and the entire contents of the hard drive.

          Unethical would be NOT doing a search because your “feelings are hurt” at the thought of “violating” someone’s private space. Blah blah blah. Its work damn it – here take this violin and play it for yourself.

          😉

          Now what you do with YOUR computer on YOUR time — I really couldn’t care less.

        • #3341246

          I agree

          by tech_guy1 ·

          In reply to Not an ethical/non-ethical type thing – its his job

          No one has considered to ask him why or reason for what he has asked.
          At my company we run monitors on every pc. We are not trying to cause trouble. We are trying to be proactive on our systems. We monitor applications installed on the drives, web sites visited, etc. It is in our policy and everyone understands it. The reason we do this is to catch spyware, viruses, etc. from entering our network. When monitoring the pc’s we can usually clean the infected system before it becomes a problem and block the web sight that it came from so it cannot happen again.

        • #3195790

          I side with BHunsinger

          by ammaina ·

          In reply to I agree

          I fully side with BHunsinger, no plicy in place, then its invasion of ones privacy! Get a policy in place then you can snoop around

        • #3195064

          You seem to have it backwards.

          by deepsand ·

          In reply to I side with BHunsinger

          While I concur that a publicly stated policy is a good idea, it is not true that, in the absence of such, an employee has a reasonable expectation of privacy with regards to the use of company properties.

          Quite the contrary is true, as has been reaffirmed by numerous court decisions.

        • #3341557

          Being a snoop may be required!

          by dtaylor2 ·

          In reply to Not an ethical/non-ethical type thing – its his job

          Now with SOX, security industry regulations, HIPPA and others – you may HAVE to snoop soon.

          Liability, compliance, productivity – I don’t think its a question of ethics – Its good business. We are VERY happy with: http://www.spectorcne.com/ it does all the heavy lifting. Make sure your employees know you have it and you may never need it.

          Here are the facts according to Gartner and others (from Spectorsoft’s site mind you).

          > The ease with which sensitive documents can be attached to email communications (intentionally and accidentally) and sent with the press of a button creates potential for loss of proprietary information.

          > Non-work related Internet surfing results in up to a 40% loss in productivity each year at American businesses.2

          > 58% of industrial espionage is perpetrated by current or former employees.3

          > 70% of all web traffic to Internet pornography sites occurs during the work hours of 9am-5pm.4

          > Out of 800 workers surveyed, 21% – 31% admitted to sending company confidential information, like financial or product data, to recipients outside the company by email.5

          > 48% of large companies blame their worst security breaches on employees.6

          > 46% of the one thousand largest companies globally will be utilizing IM as a daily communications tool.7

        • #3246751

          Sales pitch

          by red_wolf9 ·

          In reply to Being a snoop may be required!

          I have to ask… are you a VAR for them. Seems like a full blown sales pitch to me, how about the price where is that stat??

        • #3246694

          Too expensive for me

          by kickme ·

          In reply to Sales pitch

          I wanted to know more about it,
          so I looked into it.

          $38.40 100-500
          $33.60 500+

        • #3247713

          Not what but why

          by lombroso2 ·

          In reply to Being a snoop may be required!

          don’t ask yourself what happens over the network, ask yourself why it happens. You probably will find very interesting reasons. Your statistics shows clearly that the majority of workers are bored with their work, or hate their work or both together. See if you can prevent instead of spend much time on useless security. Do you track by the way your management traffic.

        • #3247690

          Just Restrict

          by davea1955 ·

          In reply to Not what but why

          If surfing the Internet is such an issue, create work groups and restrict the sites (inter or intra) access to that which is required for the employee?s job. Or is that too much like work?

        • #3247497

          forgot to read it?

          by itaintnothang ·

          In reply to Just Restrict

          He asked how to monitor it on laptops that are taken off site, and used on out side networks that may not have any security. Its a very legitimate question. The way in which he asked it makes me wonder if he is looking for an easier way of extracting the files to take home for his personal collection. Either way there are those that read these forums to get information that may be helpfull to them as well. So, if the question may have legitimate uses for others, but illegitimate reasoning, just answer the darn question.

          I have the same problem and am looking into either putting a local app on each laptop to block, and or a monitoring tool.

        • #3247507

          There’s More!

          by gario ·

          In reply to Being a snoop may be required!

          Let’s add fraud. Remember these are company laptops. I’ve had surfing the net during business hours to include porn sites, entertainment sites, weapon sites, religious sites, etc. And of course, everytime they boot up the laptops, there’s a warning that states for business use only! There is no privacy on a company resource.

        • #3341545

          It is ethical

          by charleshagen ·

          In reply to Not an ethical/non-ethical type thing – its his job

          It is ethical for a company to protect interests of it’s operations (and hence it’s workers) by checking this from time to time.

          Is drug testing unethical? No it is not. In cases of government contracts, it is sometimes required.

          If you protect the company, you are ALSO protecting the JOBS of the employee.

          We found an employee moonlighting with a corporate competitor. When this was discovered, corrective action was taken. Jobs (many who used to complain) were saved (even the pious whiners appreciated that).

          If there is true teamwork within a company this ends up not being a major issue.

        • #3341494

          Ethics don’t apply here

          by cagedmonkey ·

          In reply to Not an ethical/non-ethical type thing – its his job

          I couldn’t agree more. As long as people are aware that their PC’s are subject to search at any time I don’t see it as a problem. You have to remember the PC’s are the property of the company not the individual.

          We approach it more from a legal liability standpoint. We search on a regular basis for illegal downloads including MP3’s and videos and stuff. Last thing we want is to get sued by the recording industry or any of the other behemoths. The porn isn’t as much of a concern for us as we are using a proxy server that pretty much blocks all of that type of content. but we still search for it any way.

          With today’s lawsuit climate you have to do this stuff or risk getting sued.

        • #3246791

          I agree BUT…….

          by jsdutcher69 ·

          In reply to Ethics don’t apply here

          I agree that ALL employees (even the CEO’s and high execs) should be subject to these “searches” as well. There is nothing more scary to a company and it’s business about doing something unethical on a business PC. Just make sure that it’s in the employee manual when they are first hired and once they sign it that they have a copy and understand it, they are at risk of the outcome of their actions.

          With my job here, I won’t do it because there is nothing in the employee manual about it and I do not want to be the scapegoat for any exec because of a law suit against the company.

        • #3246748

          good call

          by red_wolf9 ·

          In reply to I agree BUT…….

          I agree, what some people here fail to understand is that searching with a documented company policy provides you a get out of jail free card should the disciplined employee go after you (personally) due to the results of your “investigation”. Not to mention I doubt that more then 1% of the people posting here have any formal forensic training that would allow them to testify as a expert witness much less collect evidence in a manner that would be acceptable to a court of law.

        • #3246739

          Problem with that is…….

          by kenw ·

          In reply to I agree BUT…….

          You may become the scapegoat anyways. Anything that is done on a corporate PC makes the company liable, not the individual. You are putting your company at risk by not scanning the machines.

        • #3246637

          Let me be clear

          by red_wolf9 ·

          In reply to Problem with that is…….

          I’m not saying don’t scan, I do at my job. But that scanning is AUTHERIZED. All employees sign an Internet Usage document, and they are told multiple times a year that they are monitored. Our remote control software is designed so the user has to accept the connection before we can remotely work on their machine (thank you German legal system).

          BUT, if you?re scanning without a written authorization to perform such actions, you personally can, in fact, be sued. When you operate outside of corporate legal authorization you lose the umbrella of corporate protection. Trust me on this, we fired one of our sysadmins for “taking a look” at salary information. He had the rights but not the authority.

        • #3248665

          Ethical

          by joey indolos ·

          In reply to I agree BUT…….

          That’s true; what is “ethical” in this situation all boils down to what is explicitly written down in the rules. If it is against clearly written company policies to engage in certain activities with company equipment, and all employees are made aware of it (at the point of hiring and, as is the case with our company, with regular yearly updates), then engaging in such activities is unethical and the company has a right to check for it. However, if there is no company policy against such activity, then it is the snooping around that would be unethical.

          However, as with most things in our complicated life, there are gray areas. I don’t know what the law has to say about it, or even if there are applicable laws in the first place, but if there are no clearly written policies, then things can get touchy. For instance, if company equipment is used for illegal activities, i.e., things which are against the law of the land, then such activity would be unethical, even if there is no clear company policy against it. But if there is no company policy on the matter, then snooping around could be unethical too — there’s such a thing as due process, and even law enforcers have to get warrants and such to do such investigations. Of course, it can be argued that it is company property, but, as I said, this is a very gray area and I’m not familiar with what our laws have to say about it.

        • #3246714

          Exactly what I would have said

          by cduckadm ·

          In reply to Not an ethical/non-ethical type thing – its his job

          I agree with TomSal we are hired to protect a network not the people on it. If we allow this type of unethical behavior on the network to continue we are just asking for something to happen to it. Since our employers expect a certain level of security we need to do everything in our powers including searching systems for inappropriate material.

        • #3246711

          Being a snoop may be required!

          by dtaylor2 ·

          In reply to Not an ethical/non-ethical type thing – its his job

          Now with SOX, security industry regulations, HIPPA and others – you may HAVE to snoop soon.

          Liability, compliance, productivity – I don’t think its a question of ethics – Its good business. We are VERY happy with: http://www.spectorcne.com/ it does all the heavy lifting. Make sure your employees know you have it and you may never need it.

          Here are the facts according to Gartner and others (from Spectorsoft’s site mind you).

          > The ease with which sensitive documents can be attached to email communications (intentionally and accidentally) and sent with the press of a button creates potential for loss of proprietary information.

          > Non-work related Internet surfing results in up to a 40% loss in productivity each year at American businesses.2

          > 58% of industrial espionage is perpetrated by current or former employees.3

          > 70% of all web traffic to Internet pornography sites occurs during the work hours of 9am-5pm.4

          > Out of 800 workers surveyed, 21% – 31% admitted to sending company confidential information, like financial or product data, to recipients outside the company by email.5

          > 48% of large companies blame their worst security breaches on employees.6

          > 46% of the one thousand largest companies globally will be utilizing IM as a daily communications tool.7

        • #3246575

          Supposed to be working!

          by gorto ·

          In reply to Not an ethical/non-ethical type thing – its his job

          I agree 100% I were hired to “work” not play or check ebay, yahoo or my E*trade account. Besides no one where I work had to buy their workstation, they were given a company desktop computer or laptop and connected to the company network and highspeed access. The laptop and desktop computer that I use is for company business and the company has the right to control, monitor or terminate it’s use and or user.

        • #3246539

          You can say that again!!!

          by huantedwolf ·

          In reply to Supposed to be working!

          What is the deal with all these “ethics” questions? If they were to come into your house and start smelling your kids underware you’d be the first one in line to see them put away and castrated! Now, to make a more reasonable arguement, I know that not everything is that extream. The whole point is that you should be working and that the PCs and network infastructures are there to help in that reguard. Its not there as a suplement for your own high speed connection. If you want to search for porn, check personal e-mails, play with your stock account, then do it from home!

          The company that I work for doesn’t even hesitate when it comes to this stuff. We are a small company right now (25 employees up from 5 2yrs ago) and we don’t have the time to go in and fix issues that come up as a result of improper internet use.

          If you really have to check all of these things during the day then you really should think about working for yourself. Then you can find out first hand why it is that companies hate the down time when your messing around causes issues or even down time/data loss.

          Don’t think of it as an “Invasion of YOUR privacy,” think of it the same way that you do when you lock your doors at night or arm your car alarm in the parking lot. You are looking out for your own interests. Well, so it the company. Like I said earlier, (rephrased) you’d be pisses if your home was violated by someone whom you invited in, right?

        • #3246493

          I disagree

          by stefan_b ·

          In reply to Not an ethical/non-ethical type thing – its his job

          I’ve been in this business for more that 10 years, doing Network admin, DB admin (for ERPs), etc. I’ve came across confidential info a few times. It’s unavoidable.
          I believe that information belonging to the user is confidential and its retrieval cannot be made part of my attributions. It should be treated with the same confidentiality as any other part of the company data.
          If someone must spy on them (users) then let the personnel dept do it. I won’t, and I can’t respect people that do. I’m not responsible for the user productivity… or else, they should change my title and paycheck 😉 I worked my butt way too hard on technical issues to be dragged in this kind of trash.
          It goes without saying that I don’t condone such behavior, but there’s no way I’ll start spying on the private behavior of my users. Sure, when they bring in virii or spyware, I investigate – without involving personnel. I regard it as my failure rather than theirs. If I’m good, they can’t do it. If they can, it’s my fault.

          Just my 2 cents.
          Stefan.

        • #3247810

          I Also Disagree

          by ron.huff ·

          In reply to I disagree

          Playing Internet Cop is the responsibility of HR and when you get involved in this sort of privacy issue, you run the risk of losing your job or much worse. If you have the time to snoop on your users, you aren’t doing your job because we all know that there is always something more important that needs to be done and never any time to do it. Past experience revealed that those IT individuals who snoop on thier users do so because it is a legal way to view illegal images.

        • #3247522

          110% with you on this.

          by mfrankii ·

          In reply to Not an ethical/non-ethical type thing – its his job

          I believe if people have the time to search for undesirable material on company time and computers, two things come to mind: (1)Doing personal business on company time is and should be treated like stealing and (2)What else are they doing? Are any files or docs relevant to the company secured or any information leaked?

        • #3341368

          Ethics? bleh

          by seanl ·

          In reply to Ethics?

          Ethics has nothing to do with it. It’s a question of company liability and user productivity.
          We know that there will be a certain amount of personal internet/e-mail usage, and fair use is acceptable as long as user stay within the guidelines – i.e no porn or undesirable content. We actively monitor everything. (all automated) if someone is spending too much time on the net, or accessing too many blocked sites, then we will investigate further. All our users know this, and it is a fair policy.
          As regards the company liability part: if someone pastes naked woman all over their desktop, and someone walks into their office and is offended by it, then that person can hold the company liable (i.e civil action) if it can be proved that the company is not trying to stop such content.
          These are company resources, and as such are wholly owned by the company. Our users have no expectation of privacy at all. This does not mean that the IT techs can just browse any users files, there must still be a reason to do this.
          At the end of the day, the users that stay away from undesirable content are not investigated in any way. they all understand this, and accept it as fair policy.

        • #3341339

          It’s *all* about ethics…

          by kinrowan9 ·

          In reply to Ethics? bleh

          SeanL, I disagree, ethics has *everything* to do with it, and your post actually outlines my reasons for believing so.

          You say:
          “…if someone is spending too much time on the net, or accessing too many blocked sites…”
          and
          “…there must still be a reason to do this.”

          I think those kind of monitoring is just fine, and should be expected by employees, even if there’s no stated policy to that effect. If there’s a problem of some kind then it will be dealt with appropriately.

          What tsert is saying has no indication of any kind of “probable cause” or reason for suspicion at all. He says:
          “At the time when I am updating I take a look around the documents and settings folder and view there history just to make sure there is no undesirable data or websites visited.”

          There’s no indication that there are any productivity issues or reasons to believe that anything untoward is going on. It’s certainly legal for tsert’s company to have this policy, but it’s also certainly distasteful and unethical. And the argument that tsert is just doing his job doesn’t wash with me either. There are plenty of ways that someone can “do his job” but still act in an ethical manner, and tsert’s wording indicates that he agrees with his emplooyer’s mandate (I mean, he’s trying to do it better, right? If he didn’t agree he could just do it poorly.) In fact, there’s nothing in tsert’s post that even indicates that it’s an employer policy at all.

        • #3341293

          The company owns the PC & everything on it.

          by sww ·

          In reply to It’s *all* about ethics…

          If you are at work, on a company-owned PC, laptop or desktop, they own everything on that physical asset. All the email, pictures, or logs of websites visited. Period. If you don’t agree, test it in court. The courts have consistantly held with the above. There is almost no right to privacy at work. At HOME is a different matter. But at work, you are selling your time in exchange for money, and using company property to do your work. Surf the web all day and email inappropriate pictures at your peril.
          I hate having to monitor fellow employees. And we don’t do it unless there is a complaint lodged first. But I will do it if ordered to because it’s part of my job.

        • #3246709

          I strongly disagree with this..

          by mawth ·

          In reply to The company owns the PC & everything on it.

          The reason I disagree with this is quite simple. I travel for my job. I carry a company computer. I do my banking on-line when I’m on the road. Does the company now own my user ID and password to my bank account?

          They may have a right to monitor what I do during business hours, but after hours?

        • #3246686

          Policies

          by fresnotech ·

          In reply to I strongly disagree with this..

          I have been reading all of these comments, and yours got my attention. You travel for your job, and they provide you with a computer to do that job. They do NOT provide you with a computer to do your online banking. They have a legal right to block access to certain websites, certain programs, and certain parts of the computer itself if they so feel it is in the company’s best interest. Odds are, depending on your systems admin, you had to sign a piece of paper that says something along the lines of “The computer equipment belongs to XYZ corp. Anything put on the computers is property of XYZ corp. Do not install anything on the computer. The computer is provided for company use only…” and so on. I have found that most people don’t read the IT policy, and just assume they can do anything they want anyway. I know that our policy here states explicitly that we can access their machine and their email at any time in an effort to clean something up, or to protect the interests of the comapny.

          As for your question, No, they do not own your user ID and password, but they do have the right to block you from using the equipment to do it, whether before or after hours.

        • #3246659

          Tough…

          by gbig@customerselects.com ·

          In reply to I strongly disagree with this..

          If I lend you my car, and you run it into a telephone pole, who pays?

        • #3246638

          Re:Ckoupal “Tough…”

          by fresnotech ·

          In reply to I strongly disagree with this..

          I think there is an important piece that people seem to be missing in the original post. He is not saying that he is going to “snoop” around on the person’s computer. The admin is doing some work on the machine already, whether it be preventative maintenance, updating Windows, or the like, and while he is on, he is making sure that there isn’t anything on the machine that shouldn’t be there, such as pictures and whatever. He is not asking for anything that would violate the user’s privacy as much as he is asking for a tool that will go out, look for questionable material, and show him a list so that he can clean it up so that he doesn’t have to go looking through personal Word documents, or pictures of someone’s kids or whatever. He is trying to protect the company, and at the same time, get off the employee’s machine as quickly as possible.

        • #3246541

          Disagree all you want, but…

          by rick_fowler ·

          In reply to I strongly disagree with this..

          … the facts remain that you have a company computer, not a personal one. The company has a right to put a key logger on their computer, regardless of your feelings (not that they would, but kust to point out that it’s their property to use as THEY see fit). If your comapny has a written policy that lets you do your personal banking on their computer, then all is well. If they don’t have a policy, or if the policy says you can’t, then you might have a problem. The thing to do is to discuss the issue with management and get them to OK such use, and you will then be ethically using the computer for personal business. If not, personal use is unethical rather than determining that such use has occurred.

        • #3246465

          If you do it with their computer

          by jamesrl ·

          In reply to I strongly disagree with this..

          They have the right to know. They won’t get access to your ID and password if you follow simple steps and use a secure browser.

          Many won’t care. Mine didn’t within reason. Banking is ok, stock trading was not.

          James

        • #3247501

          No Problem

          by gario ·

          In reply to I strongly disagree with this..

          I have no problem with banking even during business hours. Or other personal matters that you must attend to while on the road. I’ve been called to audit many a laptop and what I report are entertainment, dating, weapons, porn, and other visited sites that are listed as taboo with the corporation. Use commen sense.

        • #3246795

          After hours…ANY hours…

          by mr l ·

          In reply to I strongly disagree with this..

          If you don’t want my staff to know what you are doing with a laptop while you are on the road, carry your own.

          It’s simple, it’s the law, it’s completely ethical. As long as you are using a company PC/network/email system you have no expectation of privacy whatsoever. I’m continue to be amazed at the number of bright, educated IT staffers/management in this thread who don’t seem to grasp the basic concept at work here.

          If best practice and legal doctrine aren’t enough for you people, what is? Help me understand how any of you feel that your company does not have full and absolute rights to monitor and control what you can or can’t do while using company-owned resources?

        • #3261870

          RE; Any Hours …

          by copterdoc ·

          In reply to I strongly disagree with this..

          The last part of your reply seems absolute. If this logic were to be applied to all company property, we would then say that when you were in the lavatory, you were using company owned equipment and were subject to loss of privacy. This is not true. The issues are complex and require policy, interaction training (as applicable) and reinforcement from time to time.

          A zero tolerance approach has lead to the confiscation of fingernail clippers and toy soldiers at airport check points. This is neither productive nor contusive to an efficient and effective environment. The tone of some of these replies would lead me to think that a congratulatory e-mail or invitation is grounds for dismissal at some companies. That is positively Orwellian. Establish your policies and do what is required but lighten-up.

        • #3246704

          Missing the Point

          by oconnb ·

          In reply to The company owns the PC & everything on it.

          I think it is agreed that if there is something that alerts IT to a specific individual, then a search should be more than warranted. However, going on a witchhunt just to find people without any cause whatsoever is just not right. It creates and environment of fear and animosity. A definite level of Us vs. Them will be created and Trust will be thrown out the window!. Without trust, productivity will suffer in the long run.

          Just make it known to all what the overall mentality is as far as Computer use and the impact of improper use and you will have a user base that will work a bit more cooperatively with you. When they do the wrong thing after that, you come down REAL HARD. That will set the example.
          As any of you probably know, almost any machine out there could be considered as off Color or inappropriate or against Company Policy if you look hard enough. Stop with the Games and do what it is your are supposed to do. Make money for the Company so that they can pay you at the end of each week! Remember, if you have that kind of environment where you feel empowered to watch everyone else, there will come a day where you should wonder, Who is Watching You?

        • #3246678

          Re: Missing the point

          by fresnotech ·

          In reply to Missing the Point

          I know that being watched is something that happens. I know that what I do is subject to being watched. I know this because I read the IT policies that came with my employee handbook stating that anything I do on a computer here is subject to auditing and I am responsible for anything found on the computer at any time. I signed it before they gave me the ability to make sure that other machines weren’t being used to surf porn, check personal email 100 times a day, and so on. I fully expect that my supervisor is watching what I do on my computer. It is not only expected, but I accept it, and welcome it. I would rather have someone making sure that I am not turning my computer into a zombie for some virus because I didn’t recognize the email that I received, or that I am sexually harassing someone because I was looking at a website that I probably shouldn’t have been. They might have just saved me from getting sued by someone who saw me saying something on a message board that I shouldn’t have said and that someone else found offensive.

          In all fairness, we monitor. Our employees know we monitor. They accept that we monitor what they do. They EXPECT that we are monitoring them all the time. Recently, when someone found out that we didn’t have a “remote control” program on the machines, they were surprised, but when we went to install one in an effort to fix errors that pop up without trying to walk someone who has very little tech knowledge, 99% of our employees loved it, and some asked why we didn’t have it before now. The way of business is now, and always has been to watch out for the business. Whatever you do on your computer is a reflection on the business. As IT people, it is part of our job to make sure that what you do on the computer doesn’t reflect poorly on the business.

        • #3341288

          Blah

          by saintgeorge ·

          In reply to It’s *all* about ethics…

          You are splitting phylosophical hairs trying to make your point. You think it is ethical to go against the legal right of your employer. What will you do if your boss orders you to check what the users are doing? Resign? Cool, go ahead. It’s your right. That won’t make it an obligation for the rest of the world. Be as confrontational as you want to but shush, don’t go around calling people unethical for the job you have not the guts to do. Makes me wonder, what would they find on your pc…

        • #3246792

          *That* was certainly personal…

          by kinrowan9 ·

          In reply to Blah

          …but what they’d find would be a lot of work that I do on my laptop in my off hours. Most of it is work for my company. Some of it is for myself. They’d find a lot of emails to my wife and family, some of which is personal, but none of which would I have problems with them seeing.

          You’re right (and so is ncornett) that my response was logically sloppy. I was incorrect to imply that it would be ethically OK to do a bad job (although there are times when I wish people did their jobs more poorly, this shouldn’t be one of them). I was also incorrect to apply ethics here, I think; provided that the expectations are clear this activity is both legal and ethical.

          However, I *still* feel it’s distasteful and “wrong” in the sense that I wouldn’t want to work for a company that did this. My work computer is monitored, but those lgs aren’t actively retrieved unless there’s some other indication of abuse or issues with performance. That seems in line with acceptable corporate behaviour to me, but actively seeking it out where there’s no other indication of problems seems over the top.

          So, I stand corrected, but my mind not changed.

        • #3246657

          I agree

          by sbmknight ·

          In reply to *That* was certainly personal…

          It is the IT department’s job to make sure their computers and networks are safe and secure, and I don’t think anyone here is arguing otherwise. However, to snoop around individual workstations looking for…who knows what? just boggles my mind. I too would never want to work for or with a company, or co-worker, who wants to snoop around on users computers just to see if they *might* be doing something wrong. Unless you have reason to suspect that a user is doing something illegal or against company policy, or is putting your network or company at risk, I say back off.

          my employer logs internet usage with software on our proxy server (I’m not responsible for it and thus can’t tell you what software we’re using), but our manager only runs reports on user’s activity when requested by that person’s manager…in other words, when there is reason to suspect inappropriate activity. Our internet usage policy allows our users personal use of the computer (and the internet) during their lunch and breaks, with certain restrictions (no porn etc.) and a user was recently disciplined for on-line gambling during lunch, even though it’s not specifically prohibited in our policy. But we didn’t initiate that query…the department did.

        • #3248215

          ID systems

          by dr dij ·

          In reply to *That* was certainly personal…

          Doesn’t seem like an intrusion detection system would be very effective if it only monitored when someone ‘thought there might be a problem’.

          half or more of security breaches are done by employees.

        • #3341268

          Reply To: Search Employee Computers

          by tonythetiger ·

          In reply to It’s *all* about ethics…

          It’s ethical for an automated program to do it but not for an IT person to do it?

        • #3341538

          It’s ethical to do your job poorly?

          by nkc ·

          In reply to It’s *all* about ethics…

          I believe if employees are told nothing is private and monitoring may be done, then searches are ethical. I frankly think a company is being irresponsible if they don’t protect themselves and those they serve/support by monitoring what’s happening – whether that be financial audits or possible dangerous/inappropriate use of their equipment and employee time. That said, I’m not condoning a searching for the personal interest or satisfaction of IT folks. Appropriate guidelines make for appropriate monitoring.

          And I have problems with this comment: “There are plenty of ways that someone can “do his job” but still act in an ethical manner, and tsert’s wording indicates that he agrees with his emplooyer’s mandate (I mean, he’s trying to do it better, right? If he didn’t agree he could just do it poorly.)”

          Does that mean that it’s ethical to take an employers money and trust, then intentionally do a bad job?

        • #3341273

          Not unethical

          by tonythetiger ·

          In reply to Ethics?

          Preventative maintenance. Example: I was scanning the network for duplicate files (pictures mostly. What happens is someone will take pictures of somethiing work related (flood damage for example) and put them in a common directory, then 50 people will copy some of these to their personal directory. And then when they’re done with them, they end up leaving them there.)

          Anyway, while scanning for these dupes, I came across several hundred wma files. It seems some people copied CDs to their personal drive (and many of them the same ones!). THey didn’t know that their “My Documents” folder was on the network. Well, that got me to looking for audio/video files and I found a bunch of them, some “off color”, but all against policy.

          I’ve had two kinds of experiences related to this. If I just tell the person and get them to delete the files, then later someone gets in trouble for the same thing, I get accused of playing favorites. If on the other hand, I tell my supervisor of my findings, and the person ends up getting in trouble for it, the environment around here is such that I’ll get accused of “trying to get” someone. or it will be said that “Tony turned you in!”

          From now on, and I told my supervisor this, when I see something, I am just going to delete it myself and not say anything more than putting it in as a ticket in the helpdesk software.

          The benefit: I found 77,000 duplicate files, 20,000 of them unnecessary, and managed to get rid of over 12 gig of junk off the network in less than four hours! That’ll get the time for a full backup down to under 48 hours, which is what I was trying to do, because when it runs past that, it impacts network and server performance during working hours.

          Most of us just want the network we are taking care of to work the best it possibly can. Anything that relates to that is “my job” (and maybe it’s just me, but after you’ve seen hundreds and hundreds of “nekkid pictures”, you kinda get immune to it, and they become just “another file” to be dealt with).

        • #3341245

          The rest of us look bad?

          by info ·

          In reply to Ethics?

          If the laptops and computers belong to the company, the company has a right, and a responsibility to make sure that the content is in line with their policies. Dirty pictures and such on company computers put the organization at risk for law suits for hostile workplace, sexual harrassment and a whole raft of other complaints. It is too bad that people cannot see that it is the responsibility of IT Admins to keep the goals and policies of the the organization enforced.
          If you can’t police your users, everybody ends up looking bad

        • #3341507

          I agree completely

          by breadtrk ·

          In reply to The rest of us look bad?

          Unethical my big pimply butt.

          It is MY computer on MY network in MY building using MY pipelines on MY dime. I have absolute and complete control over what you can or can not do. If you break my rules you will pay for that discretion, verbal warning, written warning, showing you the door.

          This is a black and white issue, there is no ethical “gray” area here. You either do your job properly and to the best of your ability and document users who abuse company resources or you go find another job.

        • #3246712

          Well said as long

          by tony hopkinson ·

          In reply to I agree completely

          as long as you accept that it’s my skills, my knowledge, my time and my ability and if you can’t show some trust and respect I won’t work for you. There are plenty of other employers who will.

          There are never grey areas in ethics, simply different systems of them.

        • #3246499

          Employees & Customers who Surf

          by dreamcin ·

          In reply to I agree completely

          I have read many topics here and this is the first one I feel compelled to respond to. There are so many various opinions, with so many valid arguments.

          I provide technical support for legislative customers and am a technical lead for 14+ Call Center Agents. I also am a HUGE multi-tasker to get everything done on a regular basis. Everything that has been discussed here has a catch 22.

          I surf the web to find items to help support my customers and train other Call Center Agents. I have trivia games for my Agents to win prizes that require them to find the answers. I support customers who abuse the internet access and cause problems to their systems because they try to download items and install them. (We have Windows XP and have locked down their ability to install almost all products). I also have Call Center Agents who I find are surfing the web instead of working on projects they were given and when busted I get “Oh I am on break.” Yet I also, if ever, have time to turn on my own computer at home to take care of business. During my lunch or after hours I have booked travel, banked online, bought concert tickets, etc. Where do we draw the line?

          1. A policy must be in place to handle these new and ongoing issues.
          2. The policy must be in writing so an employee can not argue privacy violations and other issues.

          I don?t know how I would complete many of the things I do if I couldn?t surf and do some personal things during office hours. Then again I know that my computer belongs to the agency I work for and if I don?t keep my system clean I could loose the personal items I do have on my PC because of maintenance issues. See there is always a catch!

        • #3341561

          Not ethics issue if forewarned

          by mmcdonal ·

          In reply to Ethics?

          We tell all of our users that the equipment they are using is for official business purposes only, and that they have no reasonable expectation of privacy in the contents of the machine. Every time they log in they have to acknowledge this. We can therefore take any data we want on useage. The law is behind us on this.
          And to those weenies who don’t want to do business with the original poster, boo-freakin-hoo!

        • #3341559

          What are you talking about?

          by havilandr ·

          In reply to Ethics?

          The company owns the computer, the software, the data, the liability of everything the employee does with this computer.

          Use Boss Everyware.

        • #3246586

          IT Idiots

          by n3voc ·

          In reply to Ethics?

          If that’s the additude the last 2 replies have, I don’t ever want them working for me. And 1 of them is a consultant…WOW.

          It is the job of IT to monitor this if it is the companies policy, and most companies have such a policy. The computer and everything that goes with it is company property and should only be used for business.

        • #3247823

          Cool! A manager!

          by stefan_b ·

          In reply to IT Idiots

          Cool screen name dude! And call yourself a manager.

          Lately, I’ve seen lots of people confusing IT with other business areas. True, we solve many problems and we have to understand business processes, to help users do their jobs. But we’re not in physical security. According to your (highly debatable) logic, it means that if IT configures the CardAx system, then IT’s to blame if the security guard sleeps and uninvited persons enter the company’s premises. Totally wrong. As is the rest of your statement. It is not IT’s responsibility to monitor users. No IT is signing personnel info non-disclosure agreements; That’s personnel’s job. If someone needs to monitor, it’s them. Contrary to your impression, IT is technical and has better things to do. Sure IT installs content screening/blocking systems, but…

          With regards to the title of your message… I believe you’re lacking elementary manners. I just hope the only person you’re allowed to manage is yourself. I wouldn’t be working for you. Ever!

        • #3247546

          Not Ethics, just business

          by hipaa guy ·

          In reply to Ethics?

          Anyone who works in an organization that is covered by any oversight rules knows that unless you are proactive regarding this type of thing you are not doing your job. Legal issues abound, someone viewing porn opens any organization to sexual harrassment lawsuits at the least, security issues are also related as many porn sites are also Spyware traps or spamhaus’s

        • #3247107

          How Ridiculous

          by elctbreaks ·

          In reply to Ethics?

          Unethical? Covering the a** of the company by making sure no one is viewing potentially illegal material on the company network? Save the for home, work is work, period. YOU make the rest of us look bad by defending potentially illicit behavior.

        • #3247093

          Amen.

          by deepsand ·

          In reply to How Ridiculous

          It troubles me greatly to see how many of our brethren present, both here and in numerous other discussions, seem to believe that the property of others must perforce be subject to their personal use.

          I wonder how many of such would be willing to allow the rest of us the same with respect to their personal property!

        • #3062882

          Lay off the man who looks out for you

          by webjosh ·

          In reply to Ethics?

          There are valid reasons for the requirement to do this sort of thing.

          Let’s start with the fact that the computer that you use at work does not belong to you and you have no right to privacy when you use it. It is a tool that was provided to you so that you can perform a function for an employer and is only to be used for that function.

          If you’re yelling and screaming at the Network Administrator because he is enforcing company policy, then you stick out like a sore thumb as someone who is doing something that they shouldn’t be doing with company property.

          You’d be surprised how many people come to him for support because they blow up their computers with illegally downloaded programs and viruses. I think that if fewer people came to him for support because he enforced that policy, it would be a welcome thing.

          I don’t just arbitrarliy scan employee data to look for things to bust people on. I’m actually pretty liberal with the policy compared to most admins. I do reserve the right, however, to do a network wide search through employee email and files at any time should there be a security or administrative need.

          Remember that when the network goes down, servers blow up, the BSA audits the network, or an unfriendly hacker works his way in via trojan, we are the ones responsible.

      • #3341151

        What’s wrong with monitoring

        by dr dij ·

        In reply to Can I have your name and the name of your company?

        internet usage? perhaps you think employees should be allowed to browse porn instead of doing their job. Perhaps they should be allowed to browse jobs at Monster.com on company time. Maybe download spyware, trojans and viruses at same time to make your job easier.

        I don’t think I’d ever hire YOU if you didn’t proactively prevent employees from j**king off at work, which they love to do. This fellow can’t use surfcontrol type software if laptops used at home.

        We even had one episode where an employee sent a fax to a competitor from our fax machine detailing a confidential meeting shortly after it was over. I’m sure you can tell all your employees never do anything wrong or waste time.

        • #3341359

          re: What’s wrong with monitoring

          by stubby ·

          In reply to What’s wrong with monitoring

          > This fellow can’t use surfcontrol type software
          > if laptops used at home.

          Correct me if I’m wrong, but isn’t this what teh new SurfControl Mobile Filter is all about in version 5?

          We don’t use that bit here, but we do use SurfControl the main product (and I love it ….).

        • #3341306

          How to do a dirty job right.

          by cfrankel ·

          In reply to What’s wrong with monitoring

          The jist of this is litigation. A company has to protect itself AND it’s employees. But is that what you’re after? Or are you tyrying to impose your morals and punish offenders. If doing your job and protecting your company is the objective then there is only one way to do this properly.
          1) Start with a cleanly imaged laptop.
          2) Provide VPN access through a firewall that only allows access to company catalog Busimess and information sites. And provide proper Virus and Spyware protection.

          Any other way of doing this is nuts.And, if you spend your time scanning for photographs then you are nuts.

          The government has Image Recognition software it uses to to flag Child Pornography etc.. You may purchase such an item. Or you can mimic this activity when certain no no sites are flaged with warning messages or a message asking the employee to justify their business need to access the site.Employees will quickly learn to use their own home computer for such tasks. If your employees are all using laptops, perhaps they all travel too. That would mean they give up a lot of personal time for their company. It’s only fair to give a little when you take a lot, so leneincy and soft warning should be the credo. But your job is to protect your company AND it’s employees from themselves, not to act as the MORAL Police. It’s best to handle thee issues up front and prevent the access from the get go. So you should either lock down these laptops or issue company disclaimers that state the company is not responsible for the non-business activities of their employees. But scanning via eyeball manually is non-productive and rediculous. I would onl;y do such a thing if the employee was ratted-out or suspected of sexual mis-conduct while on company business.

        • #3341274

          RE: How to do a dirty job right

          by mick11 ·

          In reply to How to do a dirty job right.

          cfrankel is correct in his post. You really don’t want to be caught up in auditing PC’s, unless you and your company are protected. For starters, do users even know they are subject to monitoring or auditing? If the answer is no, then STOP! If yes, then get written authorization from your supervisor before commencing these activities.

          If it needs to be locked down, do it properly, otherwise don’t snoop, esp. if you don’t have the policies to support your actions. You can get yourself and employer into trouble!

        • #3341509

          Difference of Opinion

          by kroyce ·

          In reply to How to do a dirty job right.

          cfrankel,

          You make an assertion that our job is not to “act as the moral police”. while I agree with this assertion in the secular marketplace there are many Christian/Muslim/Hebrew businesses/non-profits with moral codes of conduct. Adherence to these codes is critical to the ongoing viability of these enterprises. For example, World Vision (A Christian Organization) relies on donations to provide aid locally and across the world. Christian donors would be less likely to give if World Vision’s image was tarnished due to lack of vigilance. There are deeper psychological and spiritual arguments than this to support a moral aspect to monitoring. Just my 2 cents

        • #3341558

          ????

          by sgray0707 ·

          In reply to What’s wrong with monitoring

          Maybe I am missing the big picture here. Is the internet the only way to waste company time? Most of these post you all seem to be concerned with wasting company time. I could sit around and read the news paper. The JOBS sections, as some of you mentioned Monster. I could look at a magazine that is not work related. Are you now going to “Police” these activities also? I think the larger picture is just that. That are plenty of things an employee can do that is not job related. IS a smoke break job related? My point is if you are going to “police” the internet usage you need to “police” everything else. I am not saying that in some cases it is not warranted, however to just go out there and look for trouble is crazy if you are not going to do it across the board. Why limit it to just the internet or computer usage?? A large part of building a successful team or company is trust! if you have ever read the 5 dysfunctions of a team the first and root dysfunction is trust. What kind of message does that send to your “team”, your company? If you have a reason to distrust someone that is a different story but just to distrust everyone is a sure sign of failure. I think this is where the comment “I don’t want to do business with your company” came from.

        • #3341500

          I’ve said the same thing here

          by tonythetiger ·

          In reply to ????

          But they concentrate on the people who surf too much or take too many smoke breaks, and ignore the employee who is constantly out of sick leave, shows up late nearly every day, or spends most of the day either on personal phone calls, or sitting in other employees offices gossiping.

        • #3246793

          ARE WE BEING HYPOCRITICAL

          by avid ·

          In reply to ????

          as far as wasting company time….. i wrote this post while at work so yes i am wasting company time, however, this is not infecting my machine (i hope) and no company secrets are being given out. how many you guys wrote your posts while at work. be honest.

        • #3246602

          Reply To: Search Employee Computers

          by fresnotech ·

          In reply to ARE WE BEING HYPOCRITICAL

          I wrote this at work, but my manager considers browsing message boards part of my job, trying to keep myself up to date on what is going on in the IT world, and finding different tools to help me do my job better. I regularly browse TechRepublic’s forums and other tech related forums, but you wouldn’t catch me browsing Monster.com or some dating website while on company time.

        • #3246589

          BOFH… and proud of it !

          by red_wolf9 ·

          In reply to Reply To: Search Employee Computers

          I just delete the lines on the proxy logs that have my IP address on them. I just love being on the internal security team? membership has privileges, you know.

          OK… not really, but you hopefully see my point, it would be trivial for an ethically challenged IT employee to “cook the books” (if I may barrow an accounting term). Clickity.. click, my boss just became a pervert.

          So I think the ethics/trust issue is important, as many others have pointed out.

        • #3247798

          and speaking of unethical behavior….

          by sbmknight ·

          In reply to BOFH… and proud of it !

          a borderline psychopath I once knew told me “if you want to get back at someone, just download some kiddie porn on their computer & call the authorities.”

        • #3246531

          yeah, I tried the dating site thing, but they’re all blocked :)

          by tonythetiger ·

          In reply to Reply To: Search Employee Computers

          yeah, I tried the dating site thing, but they’re all blocked 🙂

        • #3246535

          you’re probably right,

          by tonythetiger ·

          In reply to ARE WE BEING HYPOCRITICAL

          I like to think I do some of this to learn how to do my job better, sort of an investment. But some topics grab you and it’s easy to get carried away I suppose.

        • #3246534

          Plus

          by tonythetiger ·

          In reply to ARE WE BEING HYPOCRITICAL

          Plus if I’m on here I’m only wasting one person’s time, whereas If I were gossiping in another employee’s office it would be twice as bad 🙂

        • #3246607

          Reply To: Search Employee Computers

          by fresnotech ·

          In reply to ????

          I agree with you that everything should be monitored to keep the person from wasting time and protecting the interests of the company, but that kind of monitoring is not the responsibility of the IT department. I work for a company that has 12 branch offices spread throughout the country. It would not be possible for a single person to monitor everyone. I would assume that the person who is in charge of the individual departments, or of the individual people would be monitoring the employee’s non-computer related habits. Just an assumption, but it is better than thinking IT can go out and monitor those activities like we monitor computer usage.

        • #3246507

          Not my point

          by sgray0707 ·

          In reply to Reply To: Search Employee Computers

          My point was I think things are going too far. I don’t think everythng should be monitored? Are we in a police state? You should trust your employees until given a reason not to trust them. Where do you draw the line if you monitor everything? What is everything? Every phone call home? Every call to your doctor? Sounds like a communist nation to me.

        • #3061734

          The other issue

          by tonythetiger ·

          In reply to ????

          is favoritism, or “selective prosecution”.

        • #3246483

          Yeah right….

          by stefan_b ·

          In reply to What’s wrong with monitoring

          What does the info leak have to do with the rest of the message? Do you normally stand by the FAX machine and ask to see every doc going out/in? Is that your ideea of IT security?

          So what if you (as an employee) surf to Pron sites @wk during lunchbreak? Does this affect your productivity?
          Also, since when is IT responsible on human productivity?

          I guess the mistake (and I doubt anyone made it) would be to let you decide whom gets hired or not. You’d be more at ease in the personnel dept, if you ask me 😉

      • #3341071

        What?

        by t3chiesp3cie ·

        In reply to Can I have your name and the name of your company?

        Are you saying that if you had a company that you would have no Internet Usage policy? Or that you just would not enforce it? Or what? I think you are the one I would not want to do business with. If his company has a policy, he has to enforce it. I truly do not understand your response, it makes no sence.

      • #3341317

        Proxy Server

        by dave.schutz ·

        In reply to Can I have your name and the name of your company?

        The best way to trap information about website usage is through a proxy server. We use ISA server and require all users to connect to the internet through the proxy server. ISA server generates log files you can read or you can purchase software that will read the ISA logs for you and present it in a nice report. Also all users have to sign a release form consenting to monitoring of computer, email, and internet use. This protects the company and the users.

        • #3341284

          Proxy Server

          by mgluscevic ·

          In reply to Proxy Server

          Proxy Server is right solution for monitoring traffic trough multiple protocols: HTTP, SMTP, FTP. With MS ISA Server you can define policy rules for accessing different Internet services. ISA has very nice reporting system. SysAdmin can obtain information about most popular web sites, the most active users, protocols etc. ISA is also firewall solution with access lists, forbiden sites, etc. In conjuction with Active Directory Service ISA is very powerfull tool for monitoring network.

        • #3341278

          Caching

          by mgluscevic ·

          In reply to Proxy Server

          ISA offer web caching which reduces in/out traffic. But be carefull choosing sites to cache. If the site has a lot of links, all of them will be cached. This can be overwhelming for your network.

          Regards

        • #3341271

          Policy

          by mgluscevic ·

          In reply to Proxy Server

          First step is to define policy for using Internet Services. Second step is to deploy the policy. It can be only done with some software and hardware solutions – Active Directory Service, Proxy Server (ISA 2004), firewall (Cisco PIX…). After deployment you life be much easier then before. This is personal experience.

          Regards

        • #3246786

          too simple

          by avid ·

          In reply to Proxy Server

          too easy to bypass for notebooks outside the office even if you have a vpn that forces login at startup

      • #3341525

        I would absolutely disagree

        by avid ·

        In reply to Can I have your name and the name of your company?

        look. i spend 80% of my valuable time de-porning computers. everyone in IT knows that disreputable sites will infect your pc. this is terribly boring and a completely avoidable waste of man hours. i tell every user on every network that i administrate to only use the internet for business and also the consequences of certain internet activities. these pc’s are not personal pc’s. they are company property. besides you could very easily compromise your companines private data should your pc get infected with a well written trojan. so i say scan away. it is not only legal but very proactive. one more thing to consider… if an employee is engaged in illegal activity and your network is being used to perform these activities, the company than owns the network is also liable.

        • #3246780

          Well-stated!

          by placidair ·

          In reply to I would absolutely disagree

          You beat me to it.

        • #3246628

          80% of your time de-porning?

          by sbmknight ·

          In reply to I would absolutely disagree

          If you truly spend that much time removing porn from your users’ computers, I think you have a bigger problem at hand…called corporate culture. Who is hiring these people?

        • #3247815

          re: 80% of your time de-porning?

          by avid ·

          In reply to 80% of your time de-porning?

          small town it shop… should say it all

        • #3246599

          Reply To: Search Employee Computers

          by fresnotech ·

          In reply to I would absolutely disagree

          Thank you. Finally some logic that I can agree with. I don’t know that I spend that much time deporning computers, but I do spend a lot of time running spyware removal programs and antivirus programs trying to make sure that the computer will still run smoothly for our people when they decide to stop using the internet for personal use and want to use it for work related purposes.

      • #3246663

        foolish person…

        by gbig@customerselects.com ·

        In reply to Can I have your name and the name of your company?

        If you think for a second that where you work is your business, then you have an ego problem, and are ignorant of the law. Working for a company is a privelege, not a right. You are a trusted “guest”, not a squatting homesteader. Employees are equipped with company property, they are not given computers to play on, or to own, unless they make special arrangements. Get it? I doubt it.

        • #3247796

          Serious Power trip.

          by tony hopkinson ·

          In reply to foolish person…

          Zu Befehl mein Fuhrer
          You got it backwards, Companies are privileged to employ us. An attitude like that is for doormats and urinals.
          Any employer who tried to string me a line like that would find out how little they had that I wanted or needed in a very short space of time.
          I’ve been employed continuously since 1981, you don’t have to eat it just because someone thinks they pay you to.
          Got it, I doubt it.

      • #3246615

        Ditto

        by sterling411 ·

        In reply to Can I have your name and the name of your company?

        So I guess you also rummage through their desks everyday…!!!

      • #3247665

        Yeah… it makes more sense

        by crake ·

        In reply to Can I have your name and the name of your company?

        It makes more sense to do business with a company that doesn’t care if it’s employees are wasting time and resources, surfing websites and screwing around when they should be working on YOUR project/file/loan agreement/you-name-it.
        As a customer, it makes more sense to have to wait that extra day or two to get your completed project because the “dude” who worked on the variable cost rates section of your project decided instead to spend time looking at possible vacation spots for his next holiday.
        Right?
        As a company, if it’s not time adding value to the company’s product or service… it’s time wasted.
        Since wasting time is acceptable to you, rest assured – I would never hire you.

      • #3247550

        You can “not” work for mine too :)

        by mr l ·

        In reply to Can I have your name and the name of your company?

        DC_Guy:

        Not only is this not an ethics issue, it’s completely black and white. MY company’s PCs/Laptops = MY rules. You do not have the right to do anything more than what the owners of the systems (who also happen to pay you, by the way) have said you can. Ethically/legally/morally you have zero expectation of privacy when using company-owned equipment, systems, or access networks. It’s not a new concept, it’s the law, deal with it.

      • #3248670

        You & those who support your position seem to hold that you have the right

        by deepsand ·

        In reply to Can I have your name and the name of your company?

        to use company property for such personal purposes as you see fit.

        You do not.

        It’s that simple. Get over it.

      • #3261782

        Please give me yours

        by nyabdns ·

        In reply to Can I have your name and the name of your company?

        For the same reason. Obviously you don’t respect the people who sign your paycheck and would not hesitate to steal from those who have hired you to do a job.

    • #3234017

      Here’s a time saver

      by tony hopkinson ·

      In reply to Search Employee Computers

      Stop being so damn nosy.
      What sort of thing catches your attention ?
      Saucy pictures of their wives ? Do they know you are doing this ?

      • #3233955

        Hold on

        by roger99a ·

        In reply to Here’s a time saver

        If those are company owned computers then nobody should have any illusions of privacy. The computer and everything on it belongs to the company. The company should have a policy that states that as well.
        Surf porn on your own computer for Pete’s sake. DUHH

        • #3233945

          Doubt they are downloading pictures of their

          by tony hopkinson ·

          In reply to Hold on

          wives, unless they are completely sad and download someone else and pretending it’s their missus.
          Heard a Lot of shoulds, ifs and buts in your response, decided to catch the fellas attention and see how many of them were true ?
          Okay ??
          Beside I think the employees should be trusted until there is cause to do otherwise.
          They aren’t ever going to be trustworthy if they know they are not trusted, before they’ve even got their pencils out.

        • #3339219

          Reply To: Search Employee Computers

          by tonythetiger ·

          In reply to Doubt they are downloading pictures of their

          But that “cause to do otherwise” might just be the downfall of your company. Some proactivity is surely required. Most companies have acceptable use policies. Why have them if you’re not going to check on whether or not they are being followed?

        • #3339205

          Once the policy

          by tony hopkinson ·

          In reply to Reply To: Search Employee Computers

          (laptops only make a problem becuase outside work they are probably not going through the company firewall proxy is clear, in my personal opinion you should have some evidence of misuse and then verify it. If an employee is doing something iffy, scans for malware, viruses, unauthorized executables will exposes 99.99% of them you don’t have to go riffling thru their personal mail and browser cache.
          Aside from being quicker and more efficient, it makes you look like you trust your employees/colleagues as opposed to deeming them guilty and then proving on the last scan they were not.
          Just a respect issue to me. I got an email at work today, saying email scans were being implemented and one of the no nos is jokes of a sexual nature, that is political correctness to the extreme. If somebody believes I’ve offended them they have every right to complain, but for an other to decide because they would be offended so would the recipient is plain flat out wrong. The idea that the company could be in some way censured because they’d ‘allowed’ me to use their facilities to offend some one is stupid.

        • #3341344

          Policy has to rule because of lawyers

          by nashua403 ·

          In reply to Once the policy

          If you don’t police, the company is responsible. I, myself, don’t really like to do it, but it can open up a whole bunch of law issues in this day of “everyone wants to sue”. Someone walking into someone’s office while they are looking at some “unappropriate” mail or website can bring a whole mess.

          Our small company doesn’t use any kind of softaware to watch (so far) but we do check computers when we think something is going on. All employees have signed an internet policy document which does state that they are there to work and not waste work time on the web. This was drawn up by a lawyer.

        • #3341280

          Different Situations

          by tony hopkinson ·

          In reply to Policy has to rule because of lawyers

          Using ‘company time’ for personal use.

          Using company equipment out of working hours for personal use which puts the company at risk.

          Using company equipment out of working hours, for personal use which is no risk to the company.

          Only if the policy states explicity that ALL personal use puts the company at risk, can you unite all three scenarios under one umbrella.

        • #3247811

          How I do it

          by cowen80194 ·

          In reply to Policy has to rule because of lawyers

          What I have done is I block everything and then only allow what someone requests after I personally verify the integrity.

          YES that takes alot of my time BUT when someone has to wonder if what they want access to would be considered objectionable we have seen less problems and more productivity.

          This may or may not work for your environment but works in mine.

          Most of the sites that have white listed have all been approvable under out Usage Policies.

          Email is trikier but the same goes and I do filter though the SPAM folder for lost emails that someone is expecting and the 3rd party filtering removes most of the real SPAM that filters into the server.

          Again this is what I have decided on and works in my situation.

        • #3341332

          Jokes of a Sexual nature sent from a comany account? Now who’s wrong.

          by ltr_mo ·

          In reply to Once the policy

          There is plenty wrong with sending inappropriate emails of that nature from an employer?s email domain. How many times does that joke of sexual nature get forwarded? How many times is it forwarded with all the previous recipients left in the message? Obviously you’re not an owner and don’t have to deal with the liability or mere embarrassment when somehow that ‘joke email’ becomes public record somewhere or ends up in the wrong place and the company’s name is smeared all over because a user like you decided it was your right of freedom to abuse company resources.

          We may live in a democratic society, but democracy stops when you walk in the door to work. Lawyers made sure of that when all of the lawsuits began. Most employers are scared to death (and rightfully so) of what is being transmitted from their business domain. Unfortunately most users view their work computer just as they do their home computer. They are careless and have no sense of responsibility of what they do or any repercussions. I believe that your comment that ?The idea that the company could be in some way censured because they’d ‘allowed’ me to use their facilities to offend some one is stupid.? demonstrates the unawareness of the typical user.

          I believe the original post of this thread probably didn?t spell everything out that he?s facing. I would imagine that he?s dealing with what everyone else in our industry is battling. I agree that there should be a stated policy, education of users, and accountability. Often times it takes the hostile workplace lawsuit, angry phone call from an un-expecting recipient 4 times removed, or a complaint from another company who DOES monitor and enforce a policy to finally persuade those without a policy that those days are over. It?s a business and the owners have every right to protect itself and its good name. A good employee should have respect for that.

        • #3341259

          I totally agree and…

          by scmgithd ·

          In reply to Jokes of a Sexual nature sent from a comany account? Now who’s wrong.

          add to that the number of users that just don’t get why downloading “that cute screensaver” could cause problems or why installing games on a computer so her child could play while she worked was inappropriate or the user that was playing internet games…not just taking up time but bandwidth as well.

          I work for a clinic and just implemented a number of policies because of HIPAA security. One of them was that IT could audit a computer at any time for inappropriate use, to be sure they have their windows updates current, that virus scans are being done on a regular basis, etc.

          The hospital in our area is *huge* on security. We have a connection to their system to pull patient reports and I get audits on a regular basis that I have to investigate why one of our users was in Patient A on a particular date.

          Personally, I think audits are a great idea and the policy needs to be in place more in case of a problem than for normal operations.

        • #3341244

          Hardly a typical User am I

          by tony hopkinson ·

          In reply to Jokes of a Sexual nature sent from a comany account? Now who’s wrong.

          I don’t send jokes, my manager does though. From the contacts, they are people who he assumes won’t be offended by them. Saying that he did send one (not sexual) that I did find offensive. I didn’t start an immediate law suit against the company I work for, simply mentioned that I didn’t find that sort of thing funny to him.

          Don’t forget I’m from the UK, and therefore not on first name terms with a lawyer just in case I get the chance to sue someone.

          I believe that your comment that “The idea that the company could be in some way censured because they’d ‘allowed’ me to use their facilities to offend some one is stupid.” demonstrates the unawareness of the typical user.

          Do tell me how an admin can stop this happening !

          All you can do at best is detect when you’ve either got away with it up to now or someone hasn’t got round to phoning their lawyer yet.

          So don’t present automatic snooping as a solution, you know it isn’t and so do I.

        • #3341490

          Reply To: Search Employee Computers

          by tonythetiger ·

          In reply to Jokes of a Sexual nature sent from a comany account? Now who’s wrong.

          Or how many times does that file attachment of a cute little video of farting dinosaurs get saved to users’ private directories. 51, that’s how many 🙂

        • #3341331

          Reality is often stupid

          by mnchstr ·

          In reply to Once the policy

          “The idea that the company could be in some way censured because they’d ‘allowed’ me to use their facilities to offend some one is stupid.”

          Companies are sued for STUPID things everyday by STUPID employees. It is STUPID for a company not to have a policy like this or not enforce it. I agree that political correctness has run rampant and you can decline to participate but thats like standing in the rain and complaining about being wet. Get an umbrella or shut up.

        • #3341539

          I say that was quite offensive

          by tony hopkinson ·

          In reply to Reality is often stupid

          LOL
          Whether that’s because we are too STUPID to exercise our rights, or because we weren’t STUPID enough to let lawyers run our lives is of course open to question.

          Tell me as employee, would you sue your employer if in the process of snooping on an another employee you found something that offended you ?

          I’m sure you can find someone to take on such an open and shut case.

        • #3341295

          Litigation

          by toddz ·

          In reply to Once the policy

          Unfortunately, here in the States, companies do have to worry about being sued for what employees do with company equipment, regardless if it was on company time or not. As responsible network admins, we have to perform due dilligence to protect the company. While we don’t review each workstation, we do monitor what goes through the firewall and maintain anti-virus and anti-malware on the workstations.

          Our policy states that work equipment (including portable computers) is to only be used for work purposes with limited personal use as allowed by your supervisor. As it is an asset of the company, and therefore the responsibility of the company, no user should have the expectation of privacy from the company on company equipment.

        • #3341536

          Aye

          by tony hopkinson ·

          In reply to Litigation

          But you can only discover an employee has broke the rules in say sending an offensive email, you can’t stop them doing it.

        • #3341248

          Reply To: Search Employee Computers

          by tonythetiger ·

          In reply to Once the policy

          I understand the “offensive” part. I’ve often marveled at how a person can be offended, then take the offensive item around to all their colleaguse to show them just how offensive it was (who is doing the offending now?).

        • #3341535

          Offensive

          by sgray0707 ·

          In reply to Reply To: Search Employee Computers

          Where do you stop? I find smoking offensive. I think it is a huge waste of company time. Smokers in my company gather around the entrance to the building. I have to walk through this many times a day. Should I sue because I am a non smoker and I am offended and my health is being effected? I find smoking as offensive as others may view a bad joke that is emailed. This is crazy. I think that is what Tony was trying to say. People will sue for just about anything in the States. Are you going to protect yourself for every possible scenario? A business use policy for the internet is one thing but to go ferreting out offenders is crazy.

        • #3341523

          That’s the thing

          by tony hopkinson ·

          In reply to Reply To: Search Employee Computers

          What are the criteria for defining something as offensive.
          People are offended by other politics, religion, sexual mores, even business practices.
          You don’t have to cast aspersions on someones intelligence or their parents marital status to offend them.
          Perhaps we should just put an explicit material disclaimer on all company emails.

        • #3246784

          reply to TH

          by tonythetiger ·

          In reply to Reply To: Search Employee Computers

          Really! I mean, if you happen to be Jewish, I suppose you could be offended if someone said “Merry Christmas” to you.

          I think most of the “eye (or ear) of the beholder” rules are bad (I would have said a four-lettered word describing human excrement but I don’t want to be offensive :)). Especially in the multi-cultured workplaces of today. What’s offensive or obscene to one person else might not bother another in the least. Why am I responsible for the thinness of someone else’s skin?

        • #3246702

          Not so much Why as How

          by tony hopkinson ·

          In reply to Reply To: Search Employee Computers

          If you are going to judge based on what a.n. other might find offensive, you may as well unplug all the cables, put all your employees in strait jackets and seal their mouths with gaffer tape.
          Just not possible.
          If you are going to judge on what you personally or your boss, the pope or GWB find offensive, you are going offend someone and definitely be liable for it.

        • #3246716

          Legal problem

          by sue’s comment ·

          In reply to Once the policy

          We have received a similar Email recently but it was because of successful litigation against a company for allowing jokes of a sexual nature to be passed between employees! So they are not being stupid.

          At least my company explained the reasons why.

          Keep work professional.

        • #3246573

          By all means

          by tony hopkinson ·

          In reply to Legal problem

          and did they define what jokes of a sexual nature were ?
          Guess not eh, so it’s open to interpretation, so baically just don’t send jokes full stop.
          Course sex isn’t the only way you can be offensive.
          It just looks like they’ve done something, in real terms a lawyer could get you off and hang you out to dry, policy or not. It’s just a line of reasoning when you get to court, not a get out of jail free card.
          So you’ve had your right to free speech taken away from you for absolutely nothing.

        • #3246567

          Reply To: Search Employee Computers

          by fresnotech ·

          In reply to Once the policy

          You’re right. It is stupid, but that is the way things are in today’s world, or at least in the US. Everyone here seems to be looking for the fastest way to make a buck, and the fastest way is to sue someone who has more under the guise that something they did or said was offensive. That person who was offended would probably know that the person who sent the email doesn’t have nearly as much money as the company, so why sue someone for $500 when you can sue a bigger fish for $5 million. Because of this massively letigious society we live in today, companies have to protect themselves, and the policies that state what can and can’t be done are in place because of this. We might not like it, but if we were offended, odds are that we wouldn’t let our distaste for the policies prevent us from suing the pants off anyone we could get money from.

        • #3246506

          Well some Ethics at last

          by tony hopkinson ·

          In reply to Reply To: Search Employee Computers

          Honesty is the best policy, or at least while lawyers aren’t involved anyway.

        • #3233921

          Totally Agree

          by damon ·

          In reply to Hold on

          The equipment and software is owned by the business -then Sys Admins have ever right to view check if nothing else randomly.

          I have been involved with two employee termination which where because of misuse of time and equipment.

          Unfortunately – it is a necessary evil!!

          The PC (Politically Correct) Police can get off there high horses and work in the real world.

          Big Brother is already here – Live with it.

        • #3233912

          Agree

          by rkuhn040172 ·

          In reply to Totally Agree

          Got to agree.

          This isn’t a privacy issue or who owns what etc.

          This is a security issue. Not one of you “professionals” raised that.

          Like I want a porn surfing, adware, spyware infested, virus laden PC joining my domain…yeah right.

          As a company, that’s our equipment and our expense should something go wrong…not on my dime.

        • #3233874

          If all the assumptions are correct

          by tony hopkinson ·

          In reply to Totally Agree

          then it’s a trust issue. While someones browsing habits might give an indication of other more useful indicators, such as why the pc is crammed full of malware and viruses, scanning the pc for those will be much quicker.
          Then look as to why. The fact that they frequent shemales’R’US.com out of working hours is of no relevance whatsoever.

        • #3340208

          It is relevent

          by roger99a ·

          In reply to If all the assumptions are correct

          Shemales can cause lawsuits. If somebody else runs across these shemales and files and harrassment lawsuit and the company has done nothing to prevent it, the company can be found liable. It’s the admin’s job to delete shemales.

        • #3340193

          Well correct me if I’m wrong

          by tony hopkinson ·

          In reply to It is relevent

          But if I was to send someone an unsolicted message they considered offensive (of any description), I would be liable not the company.
          If you were searching about on a pc I used and found something you considered offensive then you’ve offended yourself.

          I find various political concepts offensive, but I’m hardly likely to be successful prosecuting someone for having a transcript of a GWB speech.

          Illegal, yes damaging to the company yes, damaging to company property yes. You could say that people might be put off by an employees taste in the bizarre, but you’d have a tough row to hoe trying to discipline them for it (unless that was their thing LOL) at least in the UK.

          Any of this done on works time of course and you can nail them to the wall with impunity if you have the policy in place.

          If it’s outside working hours and it isn’t damaging the laptop, I would consider it irrelevant. I worked with a guy who got the sack for being a pornoholic with his laptop, he didn’t get the push as such because of the content of his cache, but because he was doing all his downloading at the office and then compounded the error with a pathetic attempt to hide what he was doing. Course being into ebony porn when you’ve a female of african descent in charge of HR, is probably a bad idea as well.

        • #3339830

          Why Liable

          by roger99a ·

          In reply to Well correct me if I’m wrong

          The company may be found liable if it makes no effort. If I have a spam blocker and your offensive email gets through then I have made a reasonable effort to stop it, but if I don’t then, being in a highly litigeous society, I may be held liable for the offense. This could get worse if the laptops are redistributed or shared.

        • #3339754

          Hmmm, that would never fly in the UK

          by tony hopkinson ·

          In reply to Well correct me if I’m wrong

          Only the person sending the offensive content. If it was the company doing it the OK. But if I sent a picture of myself naked to female colleague either internally or externally, unless I was doing it under instructions, only I would be liable. To say anything else is to come back to the net nazis who want to make isps and such like responsible for content. Course in this case if I did send it internally, you could probably get me even if the recipient wasn’t offended, unlikely the latter, to be quite honest but within the realms of probability.

        • #3339248

          But who is to monitor?

          by jdclyde ·

          In reply to Totally Agree

          Is it that persons supervisors job to make sure they are doing there work or does the Sys admin have so much free time that they are also the IT NAZI and are going to MAKE SURE that you obey the rules.

          I neither have time nor desire to become the network babysitter. My boss has not directed me to do so, which means it is not my job.

          Even if I see something, I would have NO AUTHORITY to do anything about it except go tell their boss who is the one that IS responsable for making sure they follow rules.

          Don’t let people turn a personel problem into a computer problem. If they are too incompentent to know what their employees do, then the supervisors are the first that should be walked out the door.

        • #3339246

          Who is to monitor?

          by craig herberg ·

          In reply to But who is to monitor?

          Indeed. Amen. . .

        • #3341530

          Owned?

          by sgray0707 ·

          In reply to Totally Agree

          Your time while at work is “owned” by the company. “Terminated for misuse of time and equipment”? Ever leave work early? Ever take a long lunch? Ever talk to a co-worker about topics un-related to work? Of course you have. Should you be fired for misuse of company “time”? If you are going to go down this path you can’t stop with PC usage. It could and will be argued in court.

        • #3339981

          I’m not disagreeing

          by dc_guy ·

          In reply to Hold on

          I just think that people make too much out of it. We spend more of our life in the office than any other place. We should be able to reach a compromise of sub-KGB proportions on how we use the resources in our “second home.”

          As for viruses, you can get them anywhere. Porn sites tend to be pretty well administered and probably not among the highest risk areas. They have enough trouble with P.R. without customers saying they picked up a virus there. That would be just a bit too ironic.

        • #3339879

          CyberHerpes

          by tony hopkinson ·

          In reply to I’m not disagreeing

          LOL.
          Porn password sites, warez sites , mp3 finders, ringtones and plastic hackers (ones who hack their audience)
          are generally the worst.
          But that’s a combination of education and tools not spying.
          Why is it some company’s think you’ve abrogated all your civil rights as soon as you accept money for your services.

      • #3340337

        Privacy

        by jbaker ·

        In reply to Here’s a time saver

        If these machines are company property, then there is no expectation of privacy on them. All of the data and files stored on the machines are the property of the company, and therefore the Administrator has the right, and perhaps even the duty to be sure that they remain clean.

        • #3341320

          Expectations of Privacy

          by techden ·

          In reply to Privacy

          JBaker –

          Please be aware that expectations of privacy, as with everything else, vary from site to site, country to country, and culture to culture. While it seems to be the situation that US companies – operating *within* the US – are draconian in their enforcing abrogation / denial of worker’s rights, it is not the case everywhere. Many US companies, in their operations outside the US, have (or had to) tempered their zeal in this area, my own company included. This is as much due to local cultural differences, embodied in the local employment legislation, having jurisdiction, as for any other reason.

          Leaving all this aside, the “expectation of privacy”, or lack thereof, must be set by the company, usually through the mechanism of contract clauses and/or Acceptable Usage Policies. In any *sensible* operation, AUPs will determine both the sites / activities that are /are not acceptable, AND when acceptable. Examples are SurfControl-enforced blocking of recreational sites (sports, news, tourism, etc) during core business hours, and then being relaxed outside of these hours, including lunch hour.

          Expectations of privacy must be set by the company – and any company which does not do this is asking for trouble. Employees are entitled to a reasonable expectation of privacy (again, varying…), especially if the company has NOT explicitly stated otherwise. If you don’t define it, you can’t defend it. You then have no-one to blame but yourself…

        • #3246773

          I have asked

          by tonythetiger ·

          In reply to Privacy

          that since there is no expectation of privacy, “Why do we have user accounts with passwords”. Why not just everybody use the same one?

        • #3246614

          Because…

          by red_wolf9 ·

          In reply to I have asked

          We would like to fire the user that performed “DEL *.*” on the mail directory of the Notes/Exchange server, and if we all used the same ID (yes I’m assuming it has admin rights) who would we fire.

          Careful, don?t confuse privacy with accountability.

      • #3341275

        Do you got some?

        by saintgeorge ·

        In reply to Here’s a time saver

        Do you have saucy pictures of your wife in your work PC? I wouldn’t keep there any pic that I couldn’t also have in an old fashioned frame on my desktop (talking about furniture, here, not Windows). Ah maybe you download your digital cam pics from home at the office, well that is risky..

      • #3341537

        ego

        by jeffersnet ·

        In reply to Here’s a time saver

        I’ve been around a lot of network administrators who think they are the web police and aren’t doing this because of directives from above. If I were in charge of the companies furniture would that give me the right to go through everyone’s drawers to search for pictures or letters? Network administrators should worry about keeping the network running and not go on these power trips to feed their egos.

    • #3340200

      Objectionable materials on computers

      by craig herberg ·

      In reply to Search Employee Computers

      First of all, I strongly suggest that you not snoop on employee computers unless you are specifically told by your management to do so. In the world of confidentiality, curiosity will lead to termination.

      On the other hand, if you are directed to do so, you can use a product like Snitch http://www.hyperdynesoftware.com/index.html.
      If you just want to clear out the cache and properly delete temporary internet files in an automated fashion, use a product like Webroot Window Washer. This will help you keep the computers from getting sluggish and not run the risk of getting yourself fired.

      Craig Herberg

      • #3246598

        even better solution

        by red_wolf9 ·

        In reply to Objectionable materials on computers

        or just surf your porn at home!

        oh… what if I like black and white porn (no fleshtones for Snitch to oogle), and I wonder if it can get inside password protected zip files. Where I might store movies in Vivid(pun intended) color.

        • #3248791

          Alernate solution

          by craig herberg ·

          In reply to even better solution

          Actually, I was not referring to covering up one’s own tracks — I was referring to the IT staff automatically cleaning up internet clutter, rather than sniffing through it.

          There is a real good reason why work computers and work network both have “work” in their names — because they’re for work! Some organizations do a better job than others articulating that fact. Consistancy is the most important thing.

          Craig Herberg

    • #3339785

      Reply To: Search Employee Computers

      by angry_white_male ·

      In reply to Search Employee Computers

      First – does your company have an internet use agreement that each employee signs upon employment? Do you live in an area where privacy laws may prohibit such activity?

      As the security guy at my company – I don’t go on fishing expeditions for something unless I have probable cause to do so (I also work part-time in law enforcement – so some of the same principles apply). One employee (a VP) was given full access to the internet because he was running into too many blocked sites in the course of his research. The weekly check of the web filter showed that as soon as we unrestricted his access, he was surfing porno websites all day long which gave me cause (with our COO’s blessing) to make a forensic image of his hard drive after hours when it was discovered that some of the websites had nearly nude models that looked very young and warranted further investigation.

      Now if he were just looking at Playboy’s website – big f’ing deal. He would have gotten an admonishment and that would be the end of it. However in this case our legal counsel decided that he wasn’t breaking any laws (the models weren’t nude – but 8 yr olds wearing bikini’s 2 sizes too small??).

      It was ultimately handled by the executive staff and they didn’t pursue it (probably because of the negative publicity that would have ensued – given we’re a public/gov’t sector company). However if it were up to me he would have been doing prison time. If he’s bold enough to do this sorta thing at work – god knows what’s on his hard drive at home. Needless-to-say he doesn’t even make eye contact with me anymore.

      But anyway… that’s one example. Why don’t you have an internet filter on your network that tracks/filters internet activity instead?

      • #3339381

        Seriously

        by tsert ·

        In reply to Reply To: Search Employee Computers

        Thank you for your serious reply.

        Yes we have employee internet use agreement along with P2P, file storage and download agreements which are filled out and signed by every employee.

        My employee’s mostly work at our customers sites (with laptops)and they use our customers internet connections which they have mostly just tracking software because I’ve heard of people being released because of web sites and other data found on there machines. if they were blocked then none of this would happen.

        But since i must do updates and new installs for all machines i have been told by my boss to scan each machine i get for anything that would breach our confidentiality agreements. (This would be bad because not only would we have to remove this employee from our customers site -We probably would not fire him depending on what it was- but we would look very bad to our customers and obviously lose some of our clout with them as well, meaning we would not get any new jobs from this customer)

        So to answer some other ridiculous posts on this thread –

        1. I do have permmission to scan for any material harmful to our business

        2. No i do not go snooping around on anyones machine without them knowing. They have signed the agreements and sometimes they even watch me.

        3. My Company name and my name is of no importance to you DC GUY – from your atitude i can tell you would not even be a candidate for an employee of mine or of my boss (the owner/president of my company). and if you would stop thinking that everyone is out to get you and think about a company that you own and operate and how would you cover your butt?

        Again angry_white_male Thank you for your serious reply

        • #3339306

          Reply To: Search Employee Computers

          by angry_white_male ·

          In reply to Seriously

          What you probably want to find out there is some sort of internet filter/blocking/reporting software that gets installed on the client and has the ability to “phone home” with a report of their web activity. I can’t think of anything off the top of my head – but there’s stuff out there that’s used by parents to monitor their kid’s web usage, as well as suspicious spouses.

          Of course, you don’t want to install this and give your users local admin rights to the local machine – so configure your laptops accordingly if you decide to go this route.

          The first place I’d check is with SurfControl – I think they make a home software package. I’m not endorsing their product, but we use their enterprise stuff here at work – works well.

          Finally, make it very clear to your users that big brother IS watching. For the non-believers here at work, I usually generate a detailled report of their web usage for them and suddenly their non-business web use drops off dramatically. Gets to be embarrassing when websites such as http://www.herpes.org shows up in your usage report!

        • #3339255

          Thank you

          by tsert ·

          In reply to Reply To: Search Employee Computers

          Thanks again for your informative reply.

          I now have a direction forward thank you.

        • #3341283

          Monitoring Software

          by jimmy z ·

          In reply to Reply To: Search Employee Computers

          Spectorsoft makes several products which can be used to not only limit the websites that employees can access but it also monitors email and instant chat messages like instant messenger and MSN messenger. Go to http://www.spectorsoft.com. I know about this software because the company I worked for used it on every employee including myself. I no longer work for them because they went to the extreme on this. I believe that if an employer has suspicions that an employee is doing something unethical or illegal that they have a right to load this software on an employee’s computer and monitor the activity.

        • #3248826

          Hostile work environment?

          by craig herberg ·

          In reply to Monitoring Software

          Although it is legal to do this in the US, it certainly fosters an atmosphere of mistrust and hostility, when it’s done routinely. And since keystrokes are recorded, passwords become shared and auditability is lost. So, when the company accountant is charged with embezzlement, his attorney can claim that somebody else used his password to login and steal money. Normally, people are held accountable for their passwords, but not when the employer secretly shares them with snoops. What a mess!

          Craig Herberg

        • #3339238

          But that is a different picture

          by jdclyde ·

          In reply to Seriously

          Than what you painted before.

          As pointed out by a few of the others, typically most employees are not investigated without a reason. If they are doing something like going to sites that are a violation of policy then your firewall would be giving you indications of this.

          There are also content filters that restrict this behaviour or at least notify the net admin.

          AFTER there is anything that pops up suspicious, THEN is the time to start going in and looking for abuse.

          Do the employees KNOW that their systems can and will be inspected from time to time? It is a bigger matter of respect and trust than what is your legal rights. Many people won’t work in a place where they are treated like a criminal, and the one’s that do are going to not be as dedicated to the company.

          These are the things you should take into concederation, and will better explain some of the replies that you go.

          Based on your original post, you just looked like a snoopy little worm on a power trip. Dispite getting testy, you did do a better job of explaining the whats and whys for what you are doing in this last post.

        • #3339200

          Couldn’t agree more

          by tony hopkinson ·

          In reply to But that is a different picture

          One can only assume that at least some of the employees have been up to no good as it were, using the company laptop, presumably out of hours for non work related things. My problem with the idea of verifying this from a content point of view is someone is sat down imposing their idea of what is right and wrong. I daresay, using ebay, or booking a holday on line, and such is not considered a problem. If you say no porn at all I can live with that as well. But somebody saying you can look at hetero porn that features the missionary position, but not some more ah esoteric porn is most definitely not. The fact that an employee has a 1000s of pictures on orgies in their cache should not concern you at all compared to say a default install of kazaa with it’s full spyware/adware package, or a cracked copy of a pc game.

        • #3340327

          Reply To: Search Employee Computers

          by jbaker ·

          In reply to Seriously

          You should have mentioned all of this information previously. This adds an entire new dimension. If the user is onsite, and uses the customer’s internet connection to access questionable material, then that reflects badly on your company…as I am sure you know.

          As Angry said, there are several pieces of software that will filter material on the machine, and prevent it form accessing anything that is questionable. He gives one, BeSafe is another, as is NetNanny. Simply search internet filters, and mitigate the issue without having to search the machines. It will prevent headaches for both you and your bosses.

        • #3341542

          tsert your right

          by abolla ·

          In reply to Seriously

          I think that you would only not be doing your job if you did not take proactive measures. This types of activity is alive and well in the tech community. I personally have never worked for a company that did not have an AUP or computer policy in effect. I really don’t think that I would want to work for someone who was stupid enough not to have one, and not be proactive. We monitor every bit of traffic on our network, and record every phone call. The point is, that people come here to work, and if they do their jobs there are no problems. If they don’t it is discovered very quickly!

        • #3247741

          should have stated this at the beginning

          by sbmknight ·

          In reply to Seriously

          had you bothered to include this information in your original post, probably half the comments in here wouldn’t have been posted. Seriously, your original question made you sound like a nosy jerk…more than someone with a legitimate business concern. I don’t know what kind of business you’re in, but this post indicates *to me* that the issue you have is with confidentiality, not porn-surfing or spyware gathering activities. Obviously, a much more serious issue. (I work in the public sector, where this is practically a non-issue.)

    • #3339220

      control

      by support#netropole.com ·

      In reply to Search Employee Computers

      if i want to know where my users are spending their time on the company dime i look in the ISA logs. as for surfing porn at home on a company laptop, try enterprise anti spyware software. when they connect back into the network and are scanned by anti-virus and anti-spyware, you will have reason to inspect that system closer if infected. alot of users today know how to delete cookies and temp files.
      your main job is to protect the companies network. do that first then work on protecting the users from them selves.

    • #3340527

      There are alot of programs

      by zlitocook ·

      In reply to Search Employee Computers

      To remove traces of where you have been. But not many to do a full search on a computer. I have worked for a large hospital and a bank. With both there are security and compliance problems. We have all computer users read, understand and sign a document that states the computer is the property of said company and every thing used, is company property. The user is told that Email, programs installed and any thing else will be checked at regular set times. If anything not approved is found it could be grounds for dismisal.
      That said there are a few freeware programs that search hard drives but the best way is the search for *.jpg, jpe, mov, mpg and just to look around. Laptops have one or two users so it would be easy to search them. I have found things on computers that I could not understand why a person would look at! And now just report what I find to the proper people at the company I work for.

    • #3340364

      Because of our internet policies and

      by tomber ·

      In reply to Search Employee Computers

      employee agreement forms to use the PC’s for work use only, we were able to catch an inside saboteur. We were having major system crashes with data loss every other week and after looking at all avenues for this problem (software defect, upgrades, hardware defects, hacking etc…) we implemented on all office pc’s a spyware program in order to see if a certain sequence of commands or keys could cause a backdoor effect on the defective software. By viewing the spyware logs we found out that one employee had in his/her posession the super user login and password of his/her supervisor and was happilly deleting data files which were causing the system crashes. Therefore, if we had had the spyware installed at the begining we would of seen earlier on this user’s unauthorized access and it would of cost us less in time, energy and money spent. So “snooping” can help an admin.

      • #3340816

        True But

        by tony hopkinson ·

        In reply to Because of our internet policies and

        it could create an environment of distrust. Doing it from the start or leaving it on says you are defining all your employees as saboteurs you haven’t caught yet. There’s a substantial cost to that as well, just a bit harder to quantify, than x hours of your time.
        Every silver lining has a cloud around it. How did this pratt get their bosses password, probably a good argument for at least censure on his/her part as well. Don’t tell me post-it under the keyboard or a spouse’s name ?

      • #3341364

        Bye to Headaches

        by inno4te ·

        In reply to Because of our internet policies and

        A simple thing (costs lots of money), is reinforce your firewalls and cetntralise everything.

        • #3341511

          How would that stop someone

          by tony hopkinson ·

          In reply to Bye to Headaches

          sending an offensive email ?
          You can lock the work stations for installations etc.
          You can ban sites
          You can block ports
          You can’t someone misusing the provided facilities though.

      • #3246579

        Yikes !!

        by red_wolf9 ·

        In reply to Because of our internet policies and

        Please tell me your kidding, or do you enjoy playing with fire. A fired employee with a decent lawyer would have claimed you used that very same spyware to delete the files under his username.

        Hopefully you also disciplined the supervisor, for failing to secure his password. Strong password policies, frequent audits, prevention of multiple login, 30 password expiration, etc. is hopefully what you will use in the future.

        God help you if you go to court wanting to use logs from NetBUS, SubSeven, any keylogger, or BackOrifice as evidence.

    • #3340736

      We make no bones about searching but..

      by tomsal ·

      In reply to Search Employee Computers

      We aren’t the SS either.

      First just a blanket reply to any and all folks in this thread who say its fine for folks to do whatever with company computers if its outside of company time…I couldn’t possibly disagree more with you, its not if you are on the clock that makes a difference its who owns the equipment. If its company equipment its company equipment 24/7/365 — not just during your work hours.

      As a backup to that statement, folks who think otherwise than me — you either were never system admins responsible for the technology in your company or if you were that is EXTREMELY surprising news to me.

      We monitor activity on our network, we monitor web traffic to each node. Trust me we see plenty of non-work sites be accessed, we don’t sound an alarm and stomp on everyone every time. However we do look for patterns — does this person do excessive non-work related browsing? What types of sites do they visit? do they download a lot? MP3s? Graphics? .EXE files? Do they sign up with their work email address at various websites (can I please have some more SPAM?). Those folks we monitor, if you call it spying — guess what call it spying, makes not a damn bit of difference to me or how I feel about it.

      Our jobs as admins are to protect the companies technology assets, maximize their efficient use, keep them running and safe guarding the company and its reputation from any “cyber-related” threats.

      So if you are un-happy that the guy in IT is raining on your parade because you have a nightly habit at home of watching porn on the company issued laptop…sorry to offend your “civil rights” or sense of “privacy”…

      here…wait….wait for it….wait…

      there you go.

      😉

      • #3341369

        Well Said

        by pepperami_monster ·

        In reply to We make no bones about searching but..

        When the IT stops working because of virus downloads or other such issues who’s responsible to get everything back up and running? If I find users going places that pose a threat to our network then I stop them dead.
        It’s my arse on the line if all the systems go down and everyone’s a critic when they aren;t working but no-one wants to take responsibility for causing the problem in the first place.
        We have an Internet/E-mail policy in place and it is very fair (according to our employment law advisors).

    • #3341378

      Proxy?

      by techierob ·

      In reply to Search Employee Computers

      Umm my first question is… Do these lappy’s use a static proxy to access the internet? Or are these more “take home” systems that connect to anywhere and everything?

      If you run a static proxy, then something like GFIs webmonitor for proxy/ISA servers will give you a drill down of the most common sites… Other than that if they are rouge – then I would set a local machine policy to import a DNS blacklist onto the local machine when they synchronise with the server. Enforce that the setings cannot be overridden with GP and it should sort it self out.

    • #3341372

      A World of Little Gods

      by mdm ·

      In reply to Search Employee Computers

      Same story, different time, date and location. In simple terms, it isn’t IT’s job or business to monitor employees. Employees are monitored by whomever they are accountable to. It is not up to IT guys to look around anywhere for the purpose ‘making sure there is no undesirable data or websites visited.” Do you also check to see what the bosses wife is doing while he is working or away. Who is checking the ‘checker’. IT guys are there to make IT work.

      • #3341366

        Bravo

        by jssteyn ·

        In reply to A World of Little Gods

        Well said….
        IT should stick with it.

      • #3341343

        re: A World of Little Gods

        by stubby ·

        In reply to A World of Little Gods

        But a part of making “IT work” is in protecting the initial investment, surely?

        I agree that we shouldn’t do the checking but we should certainly be advising or assisting in how the checking is done (what software, etc). However, as a partial mitigation, if this is a small company with one IT knowlegeable person in it, then I can easily see why the “checking” falls on them.

        • #3341341

          Inside Techies have a duty to check

          by ro.y ·

          In reply to re: A World of Little Gods

          If you just once do a check, you will be surprised as to what people do on office computers during office time! It is not only the security risk, but more and more also the company time, bandwith etc. that is misused.
          Working for a small legal company I amazed at what I found on just spot checking.

    • #3341367

      What action can I take on finding illegal material

      by james ·

      In reply to Search Employee Computers

      Relating to this area of discussion, I am wondering what action I can / should take having discovered illegal images on a computer i.e. paedophilic material. I run a small IT business and came across such material on a clients computer on which I was repairing the Windows installation.

      • #3341357

        Report it to the Police Immediately

        by frr ·

        In reply to What action can I take on finding illegal material

        Matters of this nature should be immediately reported to your local police force.

        • #3341348

          Speaking as a forensic analyst…

          by robertmi ·

          In reply to Report it to the Police Immediately

          I encounter varying grades of objectionable material on many of the computers I examine. If my task is not porn related I usually inform the client and leave to them to determine the appropriate action. If the stuff is kiddie porn then I have a clear duty to report it to the Police and would do so while telling the client of my intention. On the general thread of the topic, the issue of liability for computer content can be quite complex, however the company must have a policy that monitors and controls content, unless it wants to be found negligent if some of the content emerges into the open workplace arena. The practical implementation of the policy (what software should be used) is really what the guy wants to know. Morals have nothing to do with the topic.

      • #3341342

        Regulation of Investigatory Powers Act

        by veet voojygig ·

        In reply to What action can I take on finding illegal material

        I am the Sys Admin for a +1000 user company. We have a detailed IUP in place and to support that we monitor and log all traffic using an opensource proxy server which (fortunately for us) includes laptops Internet Use activity. All users are reminded every time they open their browser that their Internet activity is monitored and logged and they all sign an agreement when they start with the company. The system logs activity against the machine IP address and as such is relatively anonymous (initially), but what it does mean is that persistent access of adult/illegal sites which are not permitted by our IUP are flagged and then a more detailed investigation to discover the user is performed. This is as fair a system as we could devise since we are obliged by law to perform some form of monitoring. The system also blocks keywords and blacklisted sites.

        Without the aid of some automated system I would likely have to perform some form of manual intervention similar to the originator of this discussion. As long as the users are notified that monitoring is taking place then the company is likely acting in accorance with RIPA.

        However, our company does not monitor phone calls or check every letter that goes out with our official stamp or letterhead on it. Why should IT be the only accountable resource?

      • #3341300

        Client confidentiality

        by craig herberg ·

        In reply to What action can I take on finding illegal material

        Your clients have a reasonable expectation of confidentiality, unless you explicitly tell them otherwise. How did you come to discover the images on the client’s computer? While you may have the duty to check up on your minor children, you have an obligation not to snoop on your clients.

        If you don’t have a privacy policy, you should seriously consider creating one. Just to get an idea, take a look at mine at
        http://info-safety.com/privacy.html
        What approach you decide to take is your call.

        Craig Herberg

        • #3248734

          What about illegal material?

          by alan_ ·

          In reply to Client confidentiality

          Presuming you came across illegal material while acting in accordance with your privacy policy what would you do?

          I don’t know the law, USA locale, but my impression is that there is some duty to report suspected or observed illegal activity.

          If this is the case I’d favor a privacy policy that includes statements to the effect that the confidentiality boudnary stops at law breaking.

        • #3248659

          What I would do

          by craig herberg ·

          In reply to What about illegal material?

          This thread has brought up some interesting situations that I have not encountered. Of course a consultant should never break the law or cover up lawbreaking. I do think, however, that a consultant’s responsibility is similar to that of a priest or lawyer, i.e., what is learned in confidence remains in confidence. I think I will check with some lawyer friends.

          Craig Herberg

      • #3341299

        You must report it immediately!

        by eric-marketing ·

        In reply to What action can I take on finding illegal material

        Having been through this scenario at a previous job, you need to
        immediately report it to the local police. quite often the FBI gets
        involved, and they confiscate any machines that might have
        come in contact with or shared files with the suspect machine.
        (this can mean every server in your shop!)

        Additionally, if you FAILED to report it, and it becomes evident
        that you knew it was there and did not report it previously it can
        get you in some pretty hot water. we had a tech who ignored it
        and they came down pretty hard on him.

        any and all moral obligations aside, if you see evidence of a
        serious felony on a machine you’re working on any professional
        ethical code would dictate that you report it (either to
        management, or police, whatever’s applicable).

        And as a last comment- eww. better to lose a customer like that
        to prison than keep working on their equipment. yuck.

      • #3246569

        Tell HR

        by red_wolf9 ·

        In reply to What action can I take on finding illegal material

        Unless you live in a state that requires you to notify local law enforcement, you turn the evidence over to the head of human resources. What they do with it is not your concern.

        There is a reason policemen aren’t also judges.

    • #3341345

      Have a look at Webspy

      by manumit ·

      In reply to Search Employee Computers

      http://www.webspy.com.
      Although more of a realtime monitoring product it may still be helpful.
      Here in the land of Oz this product gets used more and more often to avoid legal liability of company officers.

    • #3341338

      Protect yourself

      by freeozraelised ·

      In reply to Search Employee Computers

      you as IT Administrator must protect yourself.

      I would worry at all about what on the computers.
      I will first introduce some policies:

      1 – internet and email policy
      2 – access to the users C drive policy.

      I am an It adminstrator and at time I need to access the machines and I can see some staff that should not be there. What I do is I remove the program or images and using email I direct the user to the It policies and to the specifice policy. I mean we are It adminstrator and we can access what ever we need. That is why I strongly believe that not all people should be IT Administrators, I have no needs or I don’t even think looking and someting that I should not.

      On the other hand if one day I will see something that is against the law I have a policy that I have to follow.

      So jsut relax. As long as the network is working fine and as long the computers/laptops are working fine all is ok.

      you must remember that is your boss/es don’t provide you with the polices and the tools to perfome what you need to do, you need to explain to them that they probablly don’t want you to do it.

      do your work and keep on learing ….

      Cheers

    • #3341328

      NOT ALLOWED BREAKING THE LAW

      by narendra ·

      In reply to Search Employee Computers

      You cannot monitor any user activity with out their written consent as against their human civil rights. Normally you can put a clause in to the contract or employment. Only then can you monitor.

      All you really have to monitor are email servers/web or proxy servers/Telephone calls and file/print shares. There’s lots of tools out there or you could develop you own.

      • #3341312

        NOT against the law

        by dlandrum1 ·

        In reply to NOT ALLOWED BREAKING THE LAW

        Read any of the current rulings, check with LAW ROOM Audit or any of the other advice sites, check with your own legal counsel.

        No employee of any firm has the right to expect privacy as long has you have presented an acceptable use policy. That policy does not have to be a manuscript.

        All that it needs to contain is the statement that this equipment is owned by the firm and it is to be used by the firm employees for the sole purpose of furthering the business of the firm and to ensure that such is the case, all equipment is subject to random monitoring at anytime without prior notice.

        You can go further to iterate the sexual harassment policy of the firm, etc., but as for the privacy and the legality issue you need do no more.

        You place that statement in the employee handbook and you have every employee – owners included – sign and date it.

        That’s it.

      • #3341286

        What Law?

        by redgranite ·

        In reply to NOT ALLOWED BREAKING THE LAW

        What law prevents an employer from viewing his own equipment at his own place of business?

        The IT equipment is not in the empoyee’s home and does not belong to the employee. If an employee was reading a porno magazine on company time, most would have no problem taking disciplinary action against him. However, if he’s doing it on his employer’s computer, he has first amendment privacy??? That’s ludicrous.

        What about the employer’s right to expect productivity out of an employee he’s PAYING!

        • #3062973

          The Law in Question is ECPA

          by sloanhoo ·

          In reply to What Law?

          There’s a lot of bandying about the “expectation of privacy” in this discussion. I thought it was time to mention that the actual law in question is Electronic Communications Privacy Act of 1986. It was enacted to allow management to listen in unannounced to employees’ phone conversations in call centers “for quality and training purposes,” and it’s been extended to email, voicemail and other forms of electronic communications. It’s about privacy rights, not the particular technological setting.

          The law says you can’t snoop where the employee has a reasonable expectation of privacy. Employers take away that expectation through recorded messages such as “your call may be monitored…”, logon screens on company computers saying they monitor, notice given in employee handbooks and Acceptable Use Policies, etc. Since the inception of the law, courts have looked at each situation to see whether the employee reasonably THOUGHT they had private communications. If the employer suitably dashed those expectations and could prove it, then the court held for the employer. When the employer didn’t have some form of policy and notice to employees (whether or not they asked the employee for permission, the courts have generally held for the employee.

          So-it’s not the form of the policy or even the justification for snooping: it is whether the employer tells the employee they have no privacy.
          End of story. Now would someone please answer the original question?

      • #3341549

        josh is obviously not a lawyer

        by mmcdonal ·

        In reply to NOT ALLOWED BREAKING THE LAW

        This is not a civil rights issue. This is a search and seizure issue.

        Most good IT shops have a warning about using equipment for business purposes only. Most courts uphold the claim that all business activities of the employee are the property of the employer, and that, in the case where the employee is forwarned, they have no reasonable expectation of privacy (RXP) in the contents of their computers. No RXP is an exception to search and seizure protections.

      • #3246744

        Have you read the Patiots Act?

        by rudolph.schubert ·

        In reply to NOT ALLOWED BREAKING THE LAW

        Have you read the Patiots Act?

      • #3246655

        NOT TRUE!

        by gbig@customerselects.com ·

        In reply to NOT ALLOWED BREAKING THE LAW

        A simple policy statement, which most companies now have, states that company property shall not be used for personal purposes, and that there is no implication of privacy for employees, whether on computers, or in the parking lot.

        Even if its not stated in writing, the courts uphold the premise that employees can be fired at will, and that they do not own or have the presumption of privacy AT WORK!

      • #3249177

        Been off-planet for a while?

        by deepsand ·

        In reply to NOT ALLOWED BREAKING THE LAW

        Since your statement bears absolutely no resemblance to reality, the only other explanations are that until recently you were a hermit, far remove from civilization, or that you’ve only recently completed a very long prison sentence, one spent in solitary confiement.

    • #3341324

      Acceptable Use Policy

      by fgarvin ·

      In reply to Search Employee Computers

      When anyone logs onto a Department of Defense Computer, they get a Banner that reads as follows:

      “This is a Department of Defense Computer System. This computer system, including all related equipment, networks, and network devices specifically including Internet access, are provided only for authorized U.S. Government use. DoD Computer Systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability, and operational security. Monitoring includes active attacks by authorized DoD entities to test or verify the security of this system. During monitoring, information may be examined, recorded, copied, and used for authorized purposes. All information, including personal information, placed on or sent over this system may be monitored. Use of this DoD Computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal, or other adverse action. Use of this system constitutes consent to monitoring for these purposes. Do you understatnd?”

      There are 2 boxes underneath this statement. One says yes, and the other no. If you click yes, you are allowed to continue the login and use the system. If you click no, you are logged off and returned the Ctrl+Alt+Del screen.

      My point here is that everyone knows and understands the acceptable use policy and break it under threat of discovery by monitoring.

      The computer is not yours to do with as you like. It is not your personal computer. It is a tool provided by the company you work for to complete assigned tasks while being paid by the company.

    • #3341311

      Easy Answer

      by mollenhourb9 ·

      In reply to Search Employee Computers

      Yes, there is. Don’t snoop on their computers. Tell the managers that it is THEIR responsibility to police their employees, and tell HR that it is THEIR responsibility to re-iterate what is acceptable in the “office” and what is not. When IT becomes the behavior police, instead of the technology police, they jump into an area in which they are ill equipped to deal.

      Think back to before there were computers. It was not IT’s job to rumage through people’s desks searching for copies of Playboy. If a person was stupid enough to keep it at work, they new the consequenses if caught (usually they got fired) and so did their manager (a reprimand for keeping a “bad” employee around).

      Let IT do what IT does best. Let HR and your legal department do what they do best.

    • #3341308

      What a surprise!

      by cweb ·

      In reply to Search Employee Computers

      I find these replies surprising in that some seem shocked or outraged that the Company IT department scans company computers for unauthorized material. I’ve been in the IT field for over a decade now and have never seen or been with a company that doesn’t do this! Since companies can be and are held liable for any objectionable material on their computers why wouldn’t they scan?
      As for the original question, you can do a “view thumbnails” under the docs and setting in temporary internet files and any porn will jump out at you.

      • #3246553

        Seems simple… but

        by red_wolf9 ·

        In reply to What a surprise!

        trying to prove that the user actively download the content and that is wasn’t downloaded in the background by some spyware app is another story.

        Any spyware hunter want to chime in on this one? I personally have seen homepages changed to porn sites and tons of “questionable” stuff in the Internet temp folder but you can’t assume that it was the user, not when you consider Adware/Spyware/Trojan infections. The user might only be guilt of clicking Yes/No in a single popup that they got when they mistyped a domain name.

        Yet another reason that we should hand off to HR and not have any role in “the penalty phase”.

    • #3341298

      Is this the best use of IT resources

      by mgates ·

      In reply to Search Employee Computers

      I would think that most IT departments would have a much better use of their time than to snoop around in the files of someone’s computer.

      • #3341260

        Use of resources

        by jamesrl ·

        In reply to Is this the best use of IT resources

        It depends. At one company I was at, a considerable amount of bandwidth was chewed up by internet radio, stock tickers, P2P file sharing etc. This caused us to upgrade the bandwidth a number of times just to keep the business running. At a certain point you have to say enough is enough and cut off non-business uses that singnificantly impact the business. The IUP clearly stated that the net was for business use. In that case, monitoring usage was totally justifiable – even demanded by senior non-IT management.

        As for snooping on personal computers, personally I would avoid doing this unless there was some reason. Unless its been requested by management, or HR, or unless its done in a well publicized manner, its open to being interpreted as arbitrary.

        James

      • #3341247

        You are exactly right!

        by wildhorses ·

        In reply to Is this the best use of IT resources

        I have to do these type of audits but only when requested by a department head…. We don’t have time to go snooping around.

        Some “Junk” is on everyones computer… Make sure you check your own too…….. Oh, and the Company Presidents….

    • #3341263

      Been there

      by dgerlach ·

      In reply to Search Employee Computers

      I’m the network administrator for a small hospital with 600 employees. We also have a group of people who use laptops. Nevertheless, if they want to access network resources, (including the Internet) they have to log on to our network…and that’s where IM (Internet Manager) takes over. Its set up to monitor all activity on the web. Although it automatically blocks certain categories like sexually explicit, you can configure it to notify you by email when users access non-job related sites….such as dating/relationships, shoppping, job searches, online games, gambling, etc. It’s a great program and VERY effective. You can choose to block certain categories or specific sites, but still have it send alerts to you telling you someone’s trying to access something they shouldn’t…or you can just have it pass the traffic without blocking, and send you alerts on where surfers are going. You can also run reports on specific workstations that will tell you all sites visited from that PC.

    • #3341251

      I do this

      by mmcdonal ·

      In reply to Search Employee Computers

      I have written a script that runs at start up and stores the last 25 typed URLs, and the website names extracted from cookie titles to a hidden access database on some of our computers. Then when the person logs in, the data is sent to a central database for analysis. User data is also attached to each record. This works fine.

    • #3341249

      Good Job Tsert, IT guys are the worst violators

      by jeff ·

      In reply to Search Employee Computers

      I’m not surprised by the amount of consternation from the IT folks on this forum. We geeks are the worst when comes to obeying the rules of conduct with our computers and networks.

      That said, this IT pro has a responsibility to enforce the company’s IT policies. The company has considerable liability if takes no steps to enforce it’s policies and illigal data is discovered on it’s systems.

      I now own the computer networking company that I work for and I have had the opportunity to be a consultant for a couple of law suites (on both sides of the issue)that involved abuse of IT systems. This has changed my attitudes towards this sort thing.

      Not only is this man not being unethical, he would be unethical if he made no effort to be aware of his users activities. Good Job!!

    • #3341243

      Wow What are You Guys Talking About

      by hardware guy ·

      In reply to Search Employee Computers

      I don’t know what you guys are talking about!
      I came from a researchy/pseudo-academic environment.

      If we are truly paid for our time and not our
      productivity then I shouldn’t even be allowed
      to follow this thread. It is not directly related
      to what I am paid to do. Technically pushing that idea to the extreme, no body should talk about current events, politics, family at work.

      How many of you guy are do this under company time and using company computer (the original poster included although he may have a justification for seeking advise).

      • #3341506

        I’ll have to plead the fifth there

        by tony hopkinson ·

        In reply to Wow What are You Guys Talking About

        Or is is the fourth ?
        LOL
        I’m a brit so I’ll have a fifth instead, a nice Islay malt in preference

      • #3246785

        Finally some common sense!

        by emmanemms ·

        In reply to Wow What are You Guys Talking About

        Thanks for the good point Hardware Guy! While I agree that company resources should not be abused–from telephones to faxes to email to color printers–I don’t agree that Big Brother should pore over the minutae of every employees activities.

        Where would it stop? Little Quickcams on monitors? Oops! Don’t pick your nose! Unfortunately, the world continues to operate while we are at work. We cannot perform every personal activity after 5:00! As far as I know, banks, doctors’ offices, etc., operate on the same work schedule as most of the country. Which means that once in a while, an employee must do something personal during his workday!

        Abuse is abuse no matter what the form. My experience has been that companies are too lazy to address individual abuse–they prefer the broadbrush approach of either monitoring everyone or limiting access for everyone. There should be a limit to all monitoring.

        To address the original question of searching laptops for inappropriate matter, my question is WHY DOES IT MATTER IF THE INDIVIDUAL IS A PRODUCTIVE EMPLOYEE! Surely the company’s network has installed enough technology to protect their network and their equipment.

        Excuse me, I have to go back to work–which is the “ethical” thing for all of us to do! RIGHT?
        Wake up and smell the java boys.

        • #3246695

          Wake yourself up

          by jamesrl ·

          In reply to Finally some common sense!

          I’ve stood in front of a crowd of 300 users and answered the question, and I’d be happy to do it again.

          Determing productivity, thats really a job for someone’s manager. If monitoring software finds they have been web surfing for 8 hours a day, 5 days a week, then forward that to the appropriate manager and let them deal with it.

          But some things must be blocked for the good of the company. Porn can create a hostile work environment which can lead to workplace issues, and lead to lawsuits. So zero tolerance is just fine by me. Kiddie porn, or any other illegal activity, exposes the company to negative publicity, which impacts shareholders. Zero Tolerance there is fine by me. Going to warez sites, downloading questionable software, running peer to peer programs – all expose the company to potential issues. Why tolerate them??

          Access to the internet at work is a privelege, not a right. It costs the company money, and exposes them to risks. The company has the right, and the obligation to reduce those risks and manage its expenses. If logging all activity is what is required, so be it.

          I do believe in openess – there should be clear notification that monitoring is taking place, and a well documented Internet Usage Policy.

          James

        • #3246545

          I agree

          by emmanemms ·

          In reply to Wake yourself up

          I have no problem with “monitoring” in the least. What I DO have a problem with is a “no tolerance policy” as regards time spent on personal obligations. In a perfect world, everyone would make up time they spend on personal BS. But we don’t live in a perfect world. I just believe Big Brother should (a) definitely be flagged for obvious abuse (e.g., 6 hours at a gambling site, etc.) and (b) understand that some of their resources are going to be used for personal gains by employees (e.g., making a phone call, looking up your son’s medication, etc.). AND I agree that there is potential exposure for a company.

          Having said all of this, however, I suppose you NEVER use the telephone for personal calls (hey, it’s a company resource and you COULD be making a date with a 12 year old in your daughter’s Girl Scout troup!) Get my drift! Why is the net any different from a telephone?

        • #3246524

          Depends on the job

          by jamesrl ·

          In reply to I agree

          My job, and the jobs of my staff, allow for a certain amount of flexibility.

          Other staff in our organization are monitored to the minute as thats the nature of what they do. Their personal productivity is highly analysed and scrutinized. Many of them do not have internet access. If they need personal time, they schedule it.

          Internet access, and flexibility to do personal business on company time are not a right, they are priveleges. For the people at my company who don’t have internet access, there is an old computer provided, and they can use it on breaks or at lunchtime – its anonymous and no one monitors where anyone goes. Its also isolated from the rest of the network. It is in an open area, so its not likly anyone will surf for porn.

          Personal phone calls, even long distance are cheap. They don’t open up the potential for spyware or viruses.

          At that company where I had to stand in front of the users, there was a great debate in regards to how much time was “reasonable”. We decided to take a different approach. We looked at the top twenty users(out of over 3000 employees). We determined whether the usage of the top twenty was legit or not – and if it wasn’t, we took actions, sending usage reports to managers and HR.

          And of course I use the net at work for non work usage, and so do many others. I also work long hours and as a manager get no overtime. But that is a privelege, not a right of employment.

          James

    • #3341239

      You are always watched on the network

      by nlatsha ·

      In reply to Search Employee Computers

      I also find it shocking that some people here are bothered by the fact that they are being watched on their company network.

      Granted there should be some rules of engagement (ROE) for doing searches. The bottom line is this:

      The computer you use at work is company property, not personal property. If it?s a personal computer, it?s most likely not allowed on the network, with the exception being dial-up or VPN access. All bits stored on the local hard drive or traversing the local network belong to the company. Most places have policies to let the user know this, if they don?t, bad on them. I wrote a logon script that randomly dumps the directory listing from a hard drive to an admin protected server. It also dumps the local admin group and changes the local admin password quarterly just in case you figured it out. Then I randomly check those logs to see what?s installed. I?ve found l0pht and other hax0r/sys admin tools installed on more than one machine before. I give the user the benefit of doubt and just uninstall it, or have the small computers guys format the box. That is usually enough to scare the user into not installing bad stuff anymore, and there?s always those pesky logon groups and that paper trail?

      Anything traversing the internet using company IP space is the responsibility of the company. This is regardless of whether it?s regular business hours or not. If you are part of a company with unlimited bandwidth, I don?t think it matters what you surf. But as soon as your surfing habits start to take away from my mission essential services, bad on you. Now I have to go and find out what the top sites visited are. Webspy does a good job of making nice reports for this. It may not even be porn they are surfing, could be streaming radio over the internet. Either case, there needs to be a reason I am seeking this information out, slow internet access, proxy server processing spikes, large log files to store, flux capacitor at 120%, etc.

      Some say it shouldn?t matter what they surf, do your IT stuff, but you have to remember, as an IT net admin, we are responsible from the keyboard to the service delivery point, so no, this doesn?t include that playboy in your desk. I am responsible for the performance of the network and this is IT stuff. I also have to keep my costs down. If I have to buy another proxy server, more bandwidth or a larger storage unit to hold the logs, I need to give a reason. If I go up the chain and ask for another 20K, I need a reason, I don?t think this would fly to well, ?Well, the porn sites, streaming radio, espn.com and mission essential services are slow. We need more money for the mission systems to remain operational and allow the users to surf non-work related sites.? (Side note: Yes, I will block espn.com if its one of the top sites visited, I?ll block pokemon-trading-cards.com if I have to. Actually I?ve had to block both of those in the past. Read: keeping costs down.) My blocked site pages were written by myself and if users wanted to know why it was blocked, they could always ask. Usually they didn?t though; I don?t know why they were afraid to shoot me an email about their favorite site. I always responded very politely with the form email of, ?In the course of normal network administration, we sometimes run across sites that are frequently visited and countless hours are spent? blah blah blah.? I always cc?d their supervisor or division chief, along with my own of course. For some reason they stopped asking why they couldn?t spend hours on some sites anymore?

      The true bottom line: The box you work on belongs to the president/CEO/Dude up top (DUT), he delegated the responsibility to me or my staff and this is one small portion of my job, Of course this all needs to be backed up by the DUT?

    • #3341520

      My personal experience…

      by todd ·

      In reply to Search Employee Computers

      Tsert,

      If your people are using laptops as a mobile user. I have found, that if they are doing something against policy, they are usually smart enough to get ‘anti-spyware’ programs like, FHC (Free History Cleaner), that remove or re-set the caches on their system. If you don’t think that the employee in question is smart enough for that.

      There are programs that will perform ‘forensic’ examines, but I have found most are overly expensive for anything other then law enforcement.

      If you worried that they are doing this stuff at the office, I would suggest setting up a ‘proxy server’ to monitor all activity on your network.
      I grant you, that I do not know the extent of a ‘proxy servers’ abilities as I have not set one up myself. My understanding is, they are capable of recording all outbound or internal web request and all information received, so IF the employee downloads a file (picture,text, etc..), a copy would be stored on the proxy server with their computers IP address and date/time of the download. Since this is a machine outside of the employees control, there is no way for them to remove/erase/alter the data coming in.

      Hope this helps.

      • #3246547

        Check my other reply

        by red_wolf9 ·

        In reply to My personal experience…

        Never mind, I’ll save you the searching read this article most of the applications are freeware.

        http://www.securityfocus.com/infocus/1827

        On the history eraser front, a cheap Linksys cable/DSL router before your gateway router can send all internet URL’s to a logging PC via SNMP. Even the 4 port version is under $80.00 USD.

    • #3341519

      Its part of the job–get over it!

      by mtufts ·

      In reply to Search Employee Computers

      I work for a mental health center. We monitor everything–period. In the administrative policies and procedures we tell employees that we monitor everything. When I give the orientation briefing I tell new employees that we monitor. I also remind them that the computer they are on is NOT their computer and that anything ON that computer–including personal e-mail, website records, etc. is the property of the company they work for an can be used in a court of law AGAINST them. This does two things–it makes sure that they use a good password so someone ELSE doesn’t log onto that computer and download trash and it keeps THEM on their toes regarding internet content and e-mail content. When I find something “questionable” on their computer, I bring it to my supervisor–who tells the CEO. They have one hour to be packed and out the door–period. We have an internet and e-mail monitoring service on our main server. It monitors and blocks websites as well. If they hit a “questionable” website, it blocks them and tells them that they need to tell their network administrator (me)–thus they confess their boo-boo’s. If the site is a valid site and part of their job, I “un-block” the site. No big deal. Before they leave, I run a check of their e-mailbox. I search through EVERYTHING. If I find anything of questionable nature, their exit from the company has just turned into “ineligible for re-hire.” We do not take our network privileges lightly here. Employees do have time to “free surf” before working hours, during lunch, during breaks, and after work. Again–I remind them that they are on a COMPANY network so if they want to play in the “x-rated universe” they had better do it off company site at a personal computer. Enough said.

    • #3341484

      Silly Question

      by pka ·

      In reply to Search Employee Computers

      Any one using a computer should know that ethics go out the window with boot up. Any one expecting privacy on a computer is just plain silly.

    • #3246775

      Personal Lives Don’t Cease from 8-5

      by emmanemms ·

      In reply to Search Employee Computers

      Thanks for the good point Hardware Guy! While I agree that company resources should not be abused–from telephones to faxes to email to color printers–I don’t agree that Big Brother should pore over the minutae of every employees activities.

      Where would it stop? Little Quickcams on monitors? Oops! Don’t pick your nose! Unfortunately, the world continues to operate while we are at work. We cannot perform every personal activity after 5:00! As far as I know, banks, doctors’ offices, etc., operate on the same work schedule as most of the country. Which means that once in a while, an employee must do something personal during his workday!

      Abuse is abuse no matter what the form. My experience has been that companies are too lazy to address individual abuse–they prefer the broadbrush approach of either monitoring everyone or limiting access for everyone. There should be a limit to all monitoring.

      To address the original question of searching laptops for inappropriate matter, my question is WHY DOES IT MATTER IF THE INDIVIDUAL IS A PRODUCTIVE EMPLOYEE! Surely the company’s network has installed enough technology to protect their network and their equipment.

      Excuse me, I have to go back to work–which is the “ethical” thing for all of us to do! RIGHT?
      Wake up and smell the java boys.

      • #3246721

        Why it matters

        by sue’s comment ·

        In reply to Personal Lives Don’t Cease from 8-5

        Maybe you have not had the problem of delivering a laptop 50 miles to a new employee to find the recent Documents listing full of pornographic photos. (In actual fact it contained 6 hours worth of porn.)

        Maybe your husband hasn’t had the embarassment of the police removing his PC from work for a whole day to assess its content after your 13 year old son looked up “Teenage Sex” on your home PC.

        We do warn our staff that we retain the right to look. In the UK the police can look too – with reason. (They did offer counselling services for our son but agreed with us that it was probably a reasonable thing to expect a young teenage to want to find out about!)

        If you are happy with what you do in company time then you really have nothing to fear but we have now stopped users from accessing other’s PCs because inappropriate surfing was becoming a major headache.

        • #3246606

          And right there’s my problem with this drenn: Big Nanny

          by dc_guy ·

          In reply to Why it matters

          I was nodding my head obligingly while reading all this. Sure, ok, yeah, consenting adults making agreements among themselves, even implicit agreements. Fine, whatever they want. Then I saw the word POLICE and my head nodding turned into teeth gnashing.

          If the frelling police have both the ability and the RIGHT to barge into my office, grab the tools of my trade, and start asking me embarrassing questions because of something another family member did, then this whole thing has just gone too bloody far!

          Keep the government’s big blue nose out of my personal and corporate business and you can do whatever the heck you want. As soon as Big Nanny shows up, you’ve lost my vote.

          And don’t start whining to me about protecting children. It’s about time the world’s ADULTS got a little protection from our own out-of-control governments.

        • #3246538

          Ahhh….

          by red_wolf9 ·

          In reply to And right there’s my problem with this drenn: Big Nanny

          I won’t point out that any software maker with the help of US Marshals can enter your business right now and audit license compliance.

          It’s a little late to get up in arms about the governments ability to raid you. And what ever you do don’t call your senator and representative in Congress and tell them to let certain provisions of the USA Patriot Act expire, because they might want to sneak and peak your business, without the courtesy of letting you know or presenting a warrant, until weeks afterwards.

        • #3246508

          Yeah, I guess we should have started that revolution in the 1960s after all

          by dc_guy ·

          In reply to Ahhh….

          The Patriot Act was exactly the sort of thing that we were predicting. Nobody believed us. “Americans would not put up with that for one second. They’d vote every member of Congress out of office in the next election.”

          Sure.

        • #3246470

          1960’s was a little before my time…

          by red_wolf9 ·

          In reply to Yeah, I guess we should have started that revolution in the 1960s after all

          It’s a nice dream, people that actually pay attention to what is going on around them. I for one will not be voting for those that keep several provisions of the Patriot Act alive… alas I’m but a drop in the ocean.

          My comments were not directed at you personaly, just the notion that people want less government interference yet they know next to nothing about the system. Between “it’s for the children” and “it’s to aid in the war againt terrorism”, watch as we hand over our freedoms for the mere perception of security.

          As Benjamin Franklin (also cited to Thomas Jefferson) once said:

          “people willing to trade their freedom for temporary security deserve neither and will lose both”

        • #3246532

          hurrah!

          by emmanemms ·

          In reply to And right there’s my problem with this drenn: Big Nanny

          Couldn’t have said it better myself! Thanks.

        • #3246540

          Makes sense… and

          by emmanemms ·

          In reply to Why it matters

          Yes, your company has issues. And YES, I have dealt with an employees laptop only to find he HAD visited countless porn sites. However, the times of the visits were during his personal time (the wee hours of the morning) via his net connection. Therefore, I only reminded him of company policy regarding monitoring activity. Unfortunately, he really didn’t get that where he went while at home was evident on his laptop. (Most users are clueless on that stuff.)

          Overall, as with a telephone, copier, etc., employees are going to use these resources and will continue to use these resources until their pesonal lives cease to exist from 8-5. Sure!

          I believe it is management’s OBLIGATIONS AND DUTY to deter abuse on all levels by whatever means–but I don’t expect no tolerance and banning usage, etc. It’s just not realistic–not if you want a happy workforce. It’s part of doing business and should be factored into the equation.

    • #3246766

      A safe net?

      by designsp1 ·

      In reply to Search Employee Computers

      There is (or was) a company (Safe Net Corporation — http://www.safenetcorp.com) who we helped architect, develop and flagship their product – SafeNet and SafeNet Pro, an internet monitoring software for just as you described. It provides a slide show of usages, and they used to have an ASP service that did a similar service but only live for businesses, etc. The box version can be, or could be purchased Staples office suply stores. This was back in late 99, early 2000, so I am unaware of their status to date. One thing I can attest to, it DID work!

    • #3246762

      My 2 copper coins and some tools

      by red_wolf9 ·

      In reply to Search Employee Computers

      I don?t want to debate the legality of you doing searches on your own. If your company has no clear Internet Usage Policy (IUP) then your outside of your authority, plain and simple by looking your in the wrong.

      That being said? there are very few states that REQUIRE (by law) police notification if illegal content is found. Further, reporting it to police is not wise unless you are qualified in forensic investigation (imagine reporting ?questionable? material to the police and destroying the good name of a foolish user who only real crime was getting infected with spyware). You might actually find yourself on the receiving end of a lawsuit (possibly multiple lawsuits).

      How hard would it be for a lawyer to paint to as a rogue IT blackmailer that searched (or planted) porn on his clients machine when you were never authorized to perform the afore mentioned search in the first place. So, if you have no IUP stop looking at people?s history, you have not been authorized to perform such searches (right or wrong? it’s not your call).

      Now for the fun stuff…

      First Read this http://www.securityfocus.com/infocus/1827

      Red Cliff Web Historian (freeware)
      http://www.red-cliff.com/index.php?fuseaction=tools.overview

      Pasco (freeware)
      http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/pasco.htm

      IE History viewer (commercial software)
      http://www.phillipsponder.com/histviewer.htm

    • #3246758

      So Who appointed you “Surphing God” ??

      by bootp ·

      In reply to Search Employee Computers

      …. the next step will be for you to put cameras on all the company cars, check the messages on company cell phones, approve the menu at company meals, monitor library cards, and …..

      HEY! I thought that was big brother back in 84, not Mr. Geeko in the computer department.

      Short answer: get a life.

      • #3246730

        Get a life?

        by breadtrk ·

        In reply to So Who appointed you “Surphing God” ??

        He has a life, a life as a networking professional. If the Boss says scan, he scans.

        Again, no grey area here. It is a job, do it or go flip burgers for a living.

        • #3246708

          Not his job ….

          by bootp ·

          In reply to Get a life?

          … take a read of his original post. He is NOT assigned to police the laptops. Rather – when they are in for maintenance, he “takes a look around.”

          Monitoring, stealing company time, mis-use of corporate assets – I am all in sympathy. But, some snot-nosed kid poking around on laptops just because he can strikes me as being a bit sick.

    • #3246747

      Whose are they?

      by rudolph.schubert ·

      In reply to Search Employee Computers

      The question of ethics is fundamental.
      1. What is the comapny policy regarding bringing personal items to the job?
      2. Large stores do not let employees bring personal belongings on the selling floor. Nor do they allow cell phones.
      3. Are these laptops owned by the company or by the individual?
      4. If they are owned by the company, the policy should be for “Company Use Only” and be subjected to hard drive checks and clean-ups. Windows 2000 and above readily allow for this.
      5. If the computer is owned by the individual, why is your company allowing access to their files? This is a fundamental breach of security!

    • #3246728

      Computer Searches

      by methatswho ·

      In reply to Search Employee Computers

      I work for the public school system. This district has over 3000 computers. We only search a computer when we are called in to do a search. We use a program called STG Cache Audit. Sometimes we find unthinkable things on these computers. We are supposed to be teaching students here, not looking for pornographic junk on the Internet. We have found enough evidence on computers from time-to-time to have students suspended and teachers terminated.

      User profiles play an important part in any search like this. If it ever goes to court, chain of evidence will play an important part as well.

      Good luck in your searching!

    • #3246720

      Transparent proxy server

      by kpdriscoll ·

      In reply to Search Employee Computers

      Use a linux firewall running squid proxy server. Configure NAT in iptables to do a transparent proxy of outbound port 80 requests through the squid port. Then analyze squid’s logs with SARG. Then, at least while your people are in-house, you can track where they’ve been. Make sure that you have a clear policy of use of company assets, and use the stats from SARG. It won’t track their usage outside the office, but can give some info to narrow your focus for problems and where you might run a local cache scan.

      • #3246565

        Yeah…

        by john ·

        In reply to Transparent proxy server

        I was gonna say just install a firewall and look at the logs on it, or even watch it in real time.

        If these users take these laptops home and use them for personal computing chores (if permissable in company policy), then you have a grey area, but you can prevent unauthorized acitivty on your network at work with a firewall with stateful packet inspection and a web filter. I find it strange that you are going to all the trouble to search individual computers manually. Makes me wonder what the problems are that would lead to this?

    • #3246706

      Simple solution

      by sue’s comment ·

      In reply to Search Employee Computers

      Use explorer to look for gifs and jpg (jpeg) files or other relevant filetypes. Not many people know that just visiting a porn site fills your PC with images!

      The file locations/filenames usually give the content away and it is then easy to locate the files for deletion.

      Also, this is a good way to look at the time and date that these files were downloaded. The ones I found on a “cleaned” laptop, I was taking to a new employee, were created between 11pm and 3am over a weekend. Turned out an employee’s flatmate was to blame! His “live-in” girlfriend was none too pleased – neither was he when we traced his actions via his credit card transactions and presented him with a report of 6 hours worth of surfing. He actually asked us how he could clean up his office PC!

    • #3246705

      Bottom Line

      by arahigihs ·

      In reply to Search Employee Computers

      While this has sparked a very interesting and sometimes heated discussion, the bottom line still remains the same. If the equipment belongs to the company, then that equipment is subject to management and monitoring by the company or those paid to do so.
      Not every company can see the need for or even afford the automated software that will remove this sometimes menial task from our shoulders. This is just one of the many things that we are paid to do, for crying out loud.
      I have yet to see a company policy that says that it is ok to use the company PC’s for the downloading of pirated material or inappropriate and offensive content. Granted, there will be some personal use on company machines, even by those in positions of authority. However, that does not mean that monitoring the sites and content of the machines is “unethical”.
      In order for the company to survive, it must be able to enforce the policies that it has implemented for its operation. In order to enforce those policies, certain people are paid, IT Executives namely, to make sure that those policies are being adhered to.
      Don’t get me wrong, I’m not saying that we have the authority to fire someone who isn’t following the policy the way that we, as IT Executives, feel it should be followed. But it is our duty to our employers to report such suspicious behavior to those who have to make those unpleasant decisions.

    • #3246684

      To actually answer the question, and not question your motives…

      by justjoel99 ·

      In reply to Search Employee Computers

      To actually answer the question, and not question your motives…

      If the machines in question are running Windows, you can browse to the folder in question and change the view setting to “Thumbnails”. This will give you a quick (and free) glimpse at what kinds of pictures are saved on the computer.

    • #3246651

      Complete Answer

      by lightwave ·

      In reply to Search Employee Computers

      disclaimer
      ————–
      Look, I’ve been in the industry for 12-13 years. I currently contract with various companies to setup servers, firewalls, filters, etc. I work with companies who have anywhere from 10000 workstations to 50 workstations. I will not be questioning your motives here. I know there are reasons to do it sometimes, I’ve been there, done that, and I’ve worked with the police and forensics people with seizing a computer before.

      Solution 1 (current situation)
      ——————————-
      If your users are all using Internet Exploder, then you can do this. You can view the index.dat file (hidden) for each profile on the machine. This cannot be done without a utility that can interpret what’s in there (its not just plain text). There are a whole bunch of these on the web. There are some free ones that I would recommend simply because they have no limitations and they’re free. Do a search on your favorite search engine for “index.dat viewer” and you should be able to find one.

      Solution 2 (better solution)
      —————————–
      The best thing to do is to implement some kind of centralized filtering/caching system. There are plenty of these systems around. A previous writer mentioned Microsoft ISA server. This is a good solution if you do it right. But there are some really good “appliance” type hardware out there, that you just plug into the edge of your network and they take care of it all. The best ones employ a database, SQL-based, to track everything. I’ve worked with some very good stuff that you setup in the beginning with all the rules you want, then let it go. You can logon and check multitudes of reports of user activity and print them at the click of a mouse. You can also have it alert you via email when a specific rule has been broken.

      So, if your people were filtered in the first place, they would never be able to go where you don’t want them to go.

      As for laptops, when they take them home or on the road, I’m not sure of the legality of checking the machines. I think that you can because they’re
      company property.

      • #3246642

        Forgot one thing

        by lightwave ·

        In reply to Complete Answer

        I forgot to mention that the index.dat file collects a history from the time that IE was first installed. It doesn’t matter if the user has cleaned the temporary files and they’re no longer there, the tracks are still in the index.dat file. They can delete temp. files, online and offline, and history, and the index.dat is still intact.

        This will work most of the time because (1) most people use IE, and (2) you can’t delete the index.dat file from windows. The only way to delete it is to boot from another OS (DOS, Linux,etc.) and access the drive from there.

        • #3246528

          Not so…

          by red_wolf9 ·

          In reply to Forgot one thing

          You can delete the index.dat files just fine, providing you enable viewing them from folder options AND if your doing so from a different user (assume admin) on the PC. So as admin I have no problem deleting JoeUser’s index.dat files in his documents and settings folder, so long as I’m not logged in as Joe User.

          I use FireFox so my index.dat is pretty much empty.

    • #3246613

      Prevention

      by pigbear ·

      In reply to Search Employee Computers

      I’ve been through what you’re dealing with. I would suggest that prevention is easier than trying to go back after the fact. I don’t know the details of your organization but would assume that you have some sort of firewall application/suite on the local laptop to protect it while out in the field. I know that Norton Internet Security and Zone Alarm offer parental control filters as do other vendors like Surf Patrol.

      Perhaps you could sit down with your boss and propose that one of these applications be purchased and rolled out to all of the laptop users to assist with enforcing the policy. They also offer reporting features so that you can review surfing habits should an issue arise or you need to audit a laptop.

      I’m surprised at some of the attitudes and responses to your request. A company is legally responsible for the actions of it’s employees using it’s equipment and has the right to protect itself. Keep up the good fight.

      • #3246554

        ethics

        by john.f.sullivan ·

        In reply to Prevention

        I’m surprised at the reaction of some people. Our job is to keep the network running at all cost, making sure that data is there. Allowing the user community to do what ever they wanted with company equipment could compromise the whole organization. I have to clean the machines that are on the internet. We don’t allow everyone internet access due to the problems of spyware, viruses and other threats that are out there. Viewing, reporting and cleaning data that shouldn’t be on the systems in a work environment isn’t unethical at all, it’s our job.

    • #3246585

      Ethics

      by rjansen ·

      In reply to Search Employee Computers

      Hi,

      I have the same difficulty. I do not look at it as ethics though. We have made a policy and a form and all employees read it and sign it. It is a basic policy that is attempting to protect our information and network.

      It has nothing to do with ethics. When an employee is out surfing the net and allowing hackers in my system, then I have extra work to do to fix what this employee did to my network.

      I do not have enough time to do the work I have to do now. I do not need the added work from someone allowing a possible hacker in and destroy my network, steal my information and making more work for me in the end.

      That is the purpose of the policy. When you are at work working on an employer owned machine there is no personal privacy. It is the companies equipment. The company is responsible for content on that machine no matter how it gets there. There is no personal privacy on an employer owned machine. Ask the courts if you think I am wrong. The courts have fallen in, in favor of the other party than the company.

      If you want privacy go home and use your own machine. Don’t use company time that the company is paying you for to do your personal business, take it home!!

    • #3246562

      EVERYONE IS MISSING THE POINT!

      by skontos ·

      In reply to Search Employee Computers

      The dude is looking for a program that will help him do the monitoring (or snooping, if you prefer).

      He is not asking you for your opinion of the ethics involved. That’s another forum. A software name, please. A URL – even better.

      SOMEONE, PLEASE, let’s hear about a program that will sniff, snoop and monitor what is going on, on the network. So we can end this thread.

      And by the way, the company DOES own everything on THEIR computer, and online banking, ESPN Sports, personal emails and dirty pictures ARE NOT ALLOWED.

      GET OVER IT.

      Sorry, for shouting

    • #3246551

      Shame on you

      by trophyman ·

      In reply to Search Employee Computers

      What happened to ethics and privacy rights?? You have no rights to do what you are trying to do. Better not give out your name or company name, both would be slapped with a lawsuit, I guaranty you.

      • #3246489

        Apparently not

        by tony hopkinson ·

        In reply to Shame on you

        Still the fun question would be does he get to check out the top boys portables, or is this trampling about over peoples space just limited to plankton and diatom level in the food chain ?

      • #3247783

        You have no privacy in your company.

        by pigbear ·

        In reply to Shame on you

        As mentioned in other posts, if you use company assets, anything you create, view, etc. is the property of the company. This precedent was set in the courts some time ago.

        If an employee views pornographic material and someone else sees it/finds it offensive, they can file a lawsuit against the company claiming a hostile work environment. The company has a right to protect itself from these suits by preventing the activity in the first place.

        If an employee uses company resources to send out a virus or attack another network, the company is liable for that action and must respond, and then take action against the employee. Again, the company has the right to ensure that this does not happen in the first place.

        There have also been studies done to show how much productivity is lost and how much it costs a company annually due to frivolous surfing, spyware, etc. It’s expensive. Employees are there to to work. However, I do not believe that ocasional browsing on breaks, lunch, etc, in accordance to company policy, causes undue harm.

        You do not have the right to do whatever you wish on a company’s resources. You may do that at home. However, your ISP has the right to shut down your connection/deny you service if you violate their terms of service and acceptable use. Again, if you use their resources to attack another network, share files illegally, you will find that they do not take kindly to that. They have the right to protect themselves from expensive legal action.

        As stated, the employees of tsert’s company sign an Acceptable Use Policy, so they have been notified of what is acceptable and that they are subject to monitoring and review. So it would difficult to bring suit in this regard against that organization.

        Above all, if you don’t do anything wrong, you don’t have anything to worry about.

        • #3247737

          You were nearly doing well until the last

          by tony hopkinson ·

          In reply to You have no privacy in your company.

          sentence.
          Define Wrong
          The working assumption on wrong in this case is anything that may have does or possibly will be deleterious to the company in the past, now or in the future, possibly maybe could be.

          In short don’t do anything and hope you’re not sacked for not doing anything.

          PS. your ISP has a disclaimer, and as much as various interests would like to make them liable for content. They’ve managed not to be dumb enough to get stuck with it. If you point out wrong doing to them, they will probably act on the info but they aren’t responsible for finding wrongdoers.

          Interesting parallel ?

    • #3246549

      Here’s the timesaver.

      by ebeau02 ·

      In reply to Search Employee Computers

      Hello all. I have been a consultant & technical trainer for 15 years. Theres no one tool that can do it all or well.

      Having taught many security classes, I’ve run into many powerful apps. (Ethics aside for the moment. Ethics are always the big debate in the classroom. That and software licensing and activation.)

      The perfect tool for Internet history is NetAnalysis from http://www.digital-detective.co.uk/intro.asp

      It collects the entire history, cookies, etc. Lets you export, search and sort.

      If there is a way to centralize a web proxy, that would be the easiest solution for the future. (As some members have already stated.)

    • #3246516

      Here’s what we use

      by scooterb ·

      In reply to Search Employee Computers

      We use an application called Spector Pro. It has all the bells and whistles you asked about and can be made totally transparent to the user. It can record quite a bit, just depends on how much surfing they do. It will record key strokes, web sites, email, IM, etc. Here’s a link to their web site: http://www.spectorsoft.com/

      • #3247727

        Record keystrokes?

        by craig herberg ·

        In reply to Here’s what we use

        So, you capture their passwords? Don’t you have a policy about sharing their accounts with others? It’s kind of difficult to maintain auditability and accountability if the accounts become shared, by virtue of keystrokes being captured. I sure hope there isn’t a water shortage!

        Craig Herberg

        • #3248587

          Reply To: Search Employee Computers

          by sbrooks ·

          In reply to Record keystrokes?

          Even more to the point, if the person has accesses their own bank from work, and there may be perfectly valid reasons for this, maybe to check that the employee has deposited his pay before he goes on holidays so he can “afford” to go on holiday, using a keylogger you have also recorded his personal banking username and password. Where does the legality end? It may be within your rights to stop him from accessing his bank, but the moment you have keylogged his password you have “hacked” his bank account and could be held liable if anything goes missing.

          Giving a person a company laptop is like giving a person a company car. The company still owns it, but by letting the user take it home you are granting that user the right to use it for any reasonable personal activity, as well as company business, unless you spcifically state in the employment agreement that the laptop is only to be used for company work.

          Failing that, he has a reasonable expectation of privacy, any personal material on the laptop, personal email, photo’s, Bank account passwords, medical records etc, should remain personal. to claim that someone who has commited no offense should not be afraid of having his personal files perused is no excuse, it’s just a justification for nosiness. To claim that the Company is liable if he sends an abusive or threatening email (and etc)is rubbish. The Company can only be held liable if they “knew” he was sending them and did nothing about it!

          Using specious arguments like that to erode personal privacy is currently the “in thing” due to the spectre of terrorism, extending it down the line to justify snooping on every employee just in case one of them does something “wrong” (and where we define “wrong”) is a sad indictment of the current political environment. Trust your employees, by all means monitor network traffic to keep an eye on virus and spyware activity, or indeed net abuse, and perform in depth checks only when required by a complaint or evidence of wrongdoing.

        • #3248520

          Cogently put and reasonable too.

          by tony hopkinson ·

          In reply to Reply To: Search Employee Computers

          Not only that you too read the original post, which many other posters have been guilty of not doing.
          Though I don’t think the spectre of terrorism has anything to do with it as such, simply the bang some get out of the power.

          Keylogging is beyond the pale anyway, short of there all ready having been a massive security failure in a very open environment, it’s next to useless and problematic in the ways you describe.

      • #3247708

        ah…. the fun of witch hunting

        by jaredh ·

        In reply to Here’s what we use

        There are several transparent proxy solutions out there that can help. If they have any logging features they should be able to log the user acct and what url they visited from what IP address at what time. There are solutions that are able to tie into various Directories such as LDAP that make this even easier. This way, you don’t have to deal with looking at individual machines, just look at your proxy usage logs.

    • #3247689

      hy Monitor?

      by davea1955 ·

      In reply to Search Employee Computers

      If surfing the Internet is such an issue, create work groups and restrict the sites (inter or intra) access to that which is required for the employee?s job. After all you are the adminisrtator right? Or is that too much like work?

      • #3247635

        pathetic!

        by rapell ·

        In reply to hy Monitor?

        I cannot believe that anyone dealing with network security in this day and age can even question the usefulness of monitoring! This should come naturally, it is a control mechanism, and simply blocking out sights does not solve problems. Problems can be internal! Printing sensitive info, saving to removable media. The list of internal risk is endless. As they say, the greatest threat to security is the Human element-what pple do! Hence it follows that you must monitor what they do. It may not be your job but it?s you who can do it best, know what to look for, knowledge that HR staff don?t have. The problem with most pple who are against monitoring or spying is that they are looking at it in terms of…….
        wait……
        It?s coming…….

        PORNOGRAPHY

        -And anyway, what if an employee is using your web server for child porn?? It could be a fellow IT staff, do you monitor your PCs too? you shoould audit the whole network, not just ‘users’.

    • #3247621

      Snitch Software

      by chewybass ·

      In reply to Search Employee Computers

      I have found this to be an excellent tool to check on systems that have been questioned. I see there are many opposed to just checking. Our policy is always that the request must come from above. Once the director has made the request we spring into action. Snitch is the best that I have used. It can be found here http://www.hyperdynesoftware.com/. As for those on the network we utilized Web Inspector, http://www.cyberguard.com/products/webwasher/webwasher_products/Web_Inspector.html. This is very handy because users web history is kept in a database and reports of all kind can be run against the database.

      Happy hunting.

    • #3247583

      Power is so Intoxicating

      by hardware guy ·

      In reply to Search Employee Computers

      Just because I have the privilege.
      Just because I can.
      Just because it makes me feel so good.

      Leave ethics aside.
      The Nazi said “I am doing my job” during WWII.
      The CEO said “For Shareholder Value”
      The IT department said “I can surf but you can’t”
      The police speeds, running RED LIGHTS turing the siren on only at the intersection whereas you get a ticket.

      Rank has privileges
      Wake Up
      Face Life, we live in an IMPERFECT world.

      Hope the oppression are not in the point that needs uprising.

      • #3247578

        Now Comes the $1000000 Question

        by hardware guy ·

        In reply to Power is so Intoxicating

        Bottom Line: Are you snooping around your CEO’s laptop with the same vigilance as you scan the other?

        • #3247562

          Strangely enough I wondered about that too

          by tony hopkinson ·

          In reply to Now Comes the $1000000 Question

          Would you more shocked than a shocked person who’d just had a very shocking experience, if he wasn’t allowed to for say confidentiality reasons ?

        • #3247561

          Automated tools

          by jamesrl ·

          In reply to Now Comes the $1000000 Question

          Block everyone equally.

          Record everyone’s habits equally.

          I have had to respond to a few complaints from executives. Most were understanding in the end.

          I once had a Vice President at a 17 billion dollar revenue company yell at me to take the security software off his computer. I told him I’d be happy to as soon as I was asked to in writing from the head of corporate security. The conversation ended there. I never got the letter.

          I do think that there does have to be fairness in any of these kinds of actions.

          I don’t think monitoring web traffic on the computer and network you provide employees is being a Nazi. That is a gross insult both to those who have to do this as part of their jobs, and to those who died under real oppression.

          James

        • #3247537

          Don’t be so sensitive

          by hardware guy ·

          In reply to Automated tools

          Never said that anyone is a Nazi.

          Doing my job is not an excuse. One has to understand why one is doing what one is doing.

          I list a bunch of things, neither did I imply the IT guy is the CEO nor did I imply the IT guy is the police. Why just pick the Nazi?

          One needs to be consistent and objective.

          My comment is just to provoke thought, no accusations

        • #3247535

          That’s where the differences come in though

          by tony hopkinson ·

          In reply to Automated tools

          If you are talking about what you can do on the system when the portable is plugged in at work. Aside from ‘objectionable’ emails an admin can get tools to cope with anything they know/care about.

          If they are at home and have the facility to use a machine through their own connection, as opposed to the company’s, then I think you are on dodgy ground unless there is a fair policy in place that basically says anything you do with this machine we can look at so don’t do anything but company business on it.
          Where I work those who have portables do all company business by ‘dialing in’, then they are monitored and controlled. The portables themselves are locked down to the same extent as the desktops.
          Go through all this clat to protect your infrastructure is sensible considering the general level of education out there, but it won’t protect the company from any liability from an ‘offensive’ file or email. 01.jpg or an english insult with no profanities will not be spotted, just confirmed.

        • #3247521

          Thanks

          by hardware guy ·

          In reply to That’s where the differences come in though

          Tony, you are logical and I enjoyed talking to you. (Not implying James is not, he does have a good solution).

          I have no problem with policies as long as it applies to all.
          James approach and using software is good.
          (1) However, once a file if flagged by software to be unsuitable, who makes the determination.
          (2) What is the false positive identification?
          (3) Being a professional one understands that you use company resources for company purpose and if you do anything private you be warned. The question is in the gray area where you are not doing anything illegal, like making an occasional phonecall home to tell your wife you will be late because of work and then during the conversation talk about some private issues. If the company hires someone to monitor all phone calls, I would not be too happy although I would be stupid to talk about private matter over the phone.
          (4) Finally who are the watchers and who watches the watchers and what the watchers do with the information if none of which is illegal or has liabilities.
          (5) I know this is a very difficult issue, especially with all the wireless connections.

          Ciao

        • #3248787

          How it works

          by jamesrl ·

          In reply to Thanks

          I have no idea how it works at my current company.

          But at a previous employee I was heavily involved, and actually used the software involved.

          The software vendor creates a Block list(s) that you subscribe to, they can include catagories like Porn, Warez sites etc., so you can pick and chose what areas you want to block. You can also manually add addresses to the block list. Typically we would look at the top 20 sites visited, and if any of them were questionable, block them.

          False Positives – if we blocked a site, the error message would say, if you think this site was blocked in error, please contact – admin at mail.box. There were a few, like a national newspaper that ran a series of articles on sexual health.

          As for warning people even if they had not done anything illegal, there was a threshold – X number of hours per month, and your manager would be informed of your surfing habits. If you had nothing to hide, or your manager didn’t care, nothing was done. Many companies by the way monitor phone calls.

          Who watches the watchers? Good question. We tried to limit access to the information as much as possible and use discreet and trustworthy people to monitor the site. Senior management didn’t involve themsleves unless there was a conflict – someone who disputed what the data said for example.

          As for wireless – if its with a public wireless company – we can’t monitor. For those people you have to ensure they have up to date virus definitions and anti-spyware software.

          James

        • #3248774

          Consistant policy

          by craig herberg ·

          In reply to Automated tools

          This is probably the best anyone can hope for — a policy that works the same for everybody, especially when it is communicated clearly.

          I do take exception when organizations record keystrokes, though. When the employees’ passwords are known by whoever monitors the keystrokes, I think that auditability and accountability are compromised.

          Craig Herberg

      • #3248655

        No right to personal use of company property.

        by deepsand ·

        In reply to Power is so Intoxicating

        And, no expectations of privacy when doing so.

        It’s that simple.

        • #3246910

          Love Monkey Wrenches

          by hardware guy ·

          In reply to No right to personal use of company property.

          Disclaimer: this is not saying you are wrong, I actually support your view that one should not use company property for personal use.

          However, I am losing interest in this thread and found that most people already make up their mind one way or another. Being in engineering and science, we tend to see the world in black and white. It is so good and comforting to say general principles. Yes, yes, whatever the law said one obeys or change it by democractic processes.

          Have you guys ever learn “reductio ad absurdum”. Let me take a ridiculous case that supports you premise 100% but can be reduced to absurdity.

          The restroom is clearly company property and a privilege. I could be wrong, but I do not think that there is a law in the book that requires the company to provide a restroom for the employee and for unlimited use. Therefore, using the company restroom is a privilege and not a right. Furthermore, the restroom is designed and use for one explicit purpose performed two ways. Thus changing in the restroom for running during lunch hours is personal use of company property, so is putting on lipsticks, powering your face, … Forget about the extreme case of video monitoring of the restroom, the company is within its right and contract (in the milder case) to put a keycard on the restroom door and record your personal use of the restroom. If I want to go to the extreme, then video monitor should be allowed, right? Do I expect privacy when I change in the restroom (I don’t mean out in clear view but in the stalls)?

          I am bringing this up not to say that you are wrong but that we are all human. We like it to be clear cut are not always that easy. Yes if that is the rule we willingly/unwillingly agreed to when we get employment, so be it, but don’t say it is wrong to feel bad about it or think that it is unjust. Not until enough people feel bad about the status quo can we expect a change for the better for humanity. All progresses happen due to someone not satisfied with the status quo.

        • #3246906

          Bad example

          by jamesrl ·

          In reply to Love Monkey Wrenches

          There are in many municipalities and states/provinces/countries, laws governing both providing washroom and ensuring that they are private. A washroom is an obligation that the employer must provide. The ability to use computers for non-company purposes is not an obligation in any way shape or form.

          In most companies that watch the clock, they monitor whether or not someone takes a break, not what they do with it. If you choose to take a smoke break or use the washroom, the employer does not care.

          James

        • #3248061

          VERY bad example: factually incorrect. & flawed analogy

          by deepsand ·

          In reply to Love Monkey Wrenches

          1) Yes, the laws DO require that an employer provide suitable facilities for the execution of necessary bodily functions. Accordingly, one uses this “property” by virtue of right, not privilege.

          2) By providing additional amenities, such as mirrors, the owner of said facilities has implicitly granted users of such the right to engage in activities over and above those of mere neccesity. So long as such are lawful, cause no loss to the owner, and are not otherwise expressly forbidden, any and all reasonable activities are permitted.

          3) One’s civil right to privacy is NOT waived merely by virtue of being on the property of another.

          Finally, I would note that your analogy is badly flawed.

          The use of bathrooms deals with necessary activities which lack the potential to harm the property owner; the issue at hand involves discretionary activities, for personal gain, with much risk of harm to the owner of the property being used.

        • #3248017

          Puts me in mind of a set of files I saw

          by tony hopkinson ·

          In reply to VERY bad example: factually incorrect. & flawed analogy

          on someone’s pc called Gloryhole. Well I didn’t know what it was at the time!.
          Damn strange, but each to their own, though I suppose you could do them for vandalism at least.
          LOL

        • #3247938

          Sheltered much?

          by deepsand ·

          In reply to Puts me in mind of a set of files I saw

          The term “gloryhole” is at least 4 decades old!

          Ah, to be young and innocent again.

        • #3247999

          Here is where I stopped

          by hardware guy ·

          In reply to VERY bad example: factually incorrect. & flawed analogy

          Please, see the forest from the trees.

          Look at history.
          All the rights are put into the books when the technology exists and some of the after challenge in court.

          I am not going to argue details. You missed the point.

          Look into the law and see when the owners/companies are bound to provide that and also how universal is the provision. If it is inalienable rights, then I would imagine all third world countries are bounded by the same law.

          I am calling it quits now.

        • #3247928

          Civil rights vs Legal rights.

          by deepsand ·

          In reply to Here is where I stopped

          As noted by others here, employers in this country have a legal obligation to provide the facilities in question; from said obligation accures a legal right to employees.

          Firthermore, I do know that the lawsin NJ are not those of some 3rd world country.

          And lastly, the subject at hand involves legal rights only; civil rights are here of no relevance.

    • #3248671

      Who OWNS the laptops.

      by deepsand ·

      In reply to Search Employee Computers

      No doubt you’ve noticed by now that many here fail to understand the fact that a company has the right to control the use of its property.

      The only real issue at hand then becomes the ownership of the laptops in question.

      Unless they are the private property of the employees, they are subject to company control.

      • #3248586

        Ownership

        by mikemcc ·

        In reply to Who OWNS the laptops.

        Finally someone who realizes what’s going on.
        The company paid for these laptops, in all probability is paying for the internet access and is definately paying for the repair and maintenance of these machines.

        As an example, a company owned laptop was brought in recently with the complaint of being slow. Found the firewall, virus protection and spybot disabled with the end result of 244 troj/virus/spyware programs loaded and running.

        Do we bill the employee, fire the employee or clean it up and go on? How much is spent on supporting employees who will not comply with allowed use policies?

        • #3248549

          Publish Guidelines to Use & Company Policy re. Abuse

          by deepsand ·

          In reply to Ownership

          1) Prepare & publish Guidelines re. acceptable & un-acceptable use of company computers, as well as a separate Policy re. assessment of cost to repair, determination of liabilities for such, manner in which company will use to achieve re-imbursement of employee’s share of said cost, & circumstances under which violation of said Guidelines may lead to termination.
          2) Distribute to all existing & future employees.
          3) Enforce Guidelines & Policy equitably, but firmly. If not, the company will open itself to charges that enforcement is arbitrary, capricious, and/or discriminatory.

          Obviously this will require the full support of appropriate executive management.

        • #3248519

          None of that is a problem

          by tony hopkinson ·

          In reply to Publish Guidelines to Use & Company Policy re. Abuse

          However if your company issues you with a portable. Is there an expectation of reasonable personal use.
          The company gains from both the connectivity and from the control. After all it’s much more problematic for employees to do business with their own equipment.
          The big problem with a portable is that it’s a portable. You take it home use it in a potentially unsanitized environment and then carry it and any dirty items inside the company firewall. But does that difficulty require browser cache and mailbox snooping ?
          A fun thought if the portable got infected at work, and then you plugged it into your own personal systems and it infected them, would the company be liable ?
          Turn about is fair play after all

        • #3247094

          “Due Diligence ” & “Reasonable Care” are the pivotal factors.

          by deepsand ·

          In reply to None of that is a problem

          Firstly, if one is issued a company portable, with the ability to connect to the internet/intranet, I see no need for the employee to connect it to any of his personal machines.

          However, assuming that the employee’s personal machine(s) may in some manner interact with those of the employer, regardless of which machine might facilitate the “corruption” of the other, the issue of liability hinges on the titled factors.

          This is why it is important that the employer must prospectively address the issues of acceptable practices, etal.

        • #3247036

          That’s not very comforting

          by tony hopkinson ·

          In reply to “Due Diligence ” & “Reasonable Care” are the pivotal factors.

          Give my setup is more secure than the corporate one that’s in place.
          I’ve never been virused, but the corporate network gets hit every time a new one comes out or so it seems anyway.

        • #3246989

          Ditto. And, therefore, I’m not concerned by …

          by deepsand ·

          In reply to That’s not very comforting

          the possibility that my personal systems might be compromised by those of my clients.

          I exercise due diligence with respect to my systems’ security measures by treating clients’ sites the same as any other.

          I have yet to become infected by any virus; and, the only instance of any other malware was a relatively benign variant of coolwebsearch, which was quickly and easily dispatched with CWShredder.

      • #3247052

        re: Who Owns the laptops

        by unixmandt ·

        In reply to Who OWNS the laptops.

        It is my guess the company owns the equipment and can make any computer usage policy they want. You can use web monitoring solutions like “Web Washer” which attaches to your firewall and blocks known bad web sites and logs the hits that successfully get out. All you have to do is search the log to see what kind of sites the people are getting to. It even tells you the IP address of the computer that got out. Legitimate business you can ignore, searching on key words from the log file will tell you what is going on with the internet traffic. This way you do not even need the laptop to see what is going on.

        • #3246991

          Yes, probably the company’s property.

          by deepsand ·

          In reply to re: Who Owns the laptops

          That was my point; i.e. that the company has the right to control the use of its property.

          There are here present too many who hold that they have the right to use the property of others as they so desire.

        • #3246924

          ACtually there seem to be very few of us

          by tony hopkinson ·

          In reply to Yes, probably the company’s property.

          Though I suppose one could be too many.
          LOL
          However as they so desire is a bit unfair. I thinks it’s perfectly reasonable to email a friend, go on to TR, check my bank balance on the company portable provided me so they can reach me away from the office presumably where they’ve sent me on company business. I think given this situation, not only is there a reasonable expectation of personal use, there’s also a reasonable expectation of privacy as well.
          If this is n’t the case, then the policy should be very clear.
          I’m only talking off site/ out of hours here, where the portable has been provided for the benefit of the business. The only solution that’s coming across at the moment is the employees should carry their own portable about for non-company business as well as the company one, which is a tad impractical.
          I’ll be the first to admit that in giving me some personal space on company property gives rise to a potential for abuse, but I fail to see a practical option to do anything other than trust me until I’m proven untrustworthy.

        • #3246903

          Yup, Right on the Money

          by hardware guy ·

          In reply to ACtually there seem to be very few of us

          Tony,

          Love your last paragraph, sums up my sentiments completely.
          I am signing off this thread. With that paragraph I need to say no more. THANKS

        • #3248056

          Missed the point?

          by deepsand ·

          In reply to Yup, Right on the Money

          See below post re. Privilege vs Right.

        • #3247993

          True

          by tony hopkinson ·

          In reply to Missed the point?

          but trust is neither a privilige nor a right it’s a trade, your trust for mine, no other currency but trust will do.

        • #3247944

          Trust is a privilege, in that …

          by deepsand ·

          In reply to Missed the point?

          it can be revoked.

        • #3248072

          But it is still company property

          by tundraroamer ·

          In reply to ACtually there seem to be very few of us

          No matter how you slice it, he who owns it dictates what and how it is used. If corporate policy says no personal use, then that is what it means. Our policy restricts private use during work time but does not say no to after-hours. It is clear that anything you put on there is subject to review and you better not downloaded anything harmful or illegal at any time. One solution for a laptop “personal space” is to use a USB thumb drive to store your stuff. That is not an inconvenience to carry around. Then use of the laptop after hours for personal use becomes less of an issue. It does not really solve web surfing and temp files which gets most people in trouble unless the user can change his settings to point at the USB drive. Most of my users don’t know how to do that.

        • #3248026

          The laptop is company property

          by tony hopkinson ·

          In reply to But it is still company property

          but the employee isn’t. If you allow them to use the portable for other than company business as quid pro quo for being available then they must be accorded a level of privacy equivalent to that reasonable personal use otherwise they’ve received nothing in return for agreeing to be contactable at all times.
          The biggest security asset you can have is competent users. It’s just cheaper to pay a netadmin not to trust them.

        • #3248057

          Privilege vs Right.

          by deepsand ·

          In reply to ACtually there seem to be very few of us

          You and I recognize that our personal use of an employer’s or client’s property, be it the telephone, copier, fax, computer, etc. is the exercise of a privilege, not a right.

          Far too many TR memebers seem to either not understand the distinction, or deliberately reject it as being inapplicable to them.

        • #3248002

          I’ll go with that

          by tony hopkinson ·

          In reply to Privilege vs Right.

          but I’ve always operated on the principle that a company is privileged to employ me, seeing as they certainly don’t have the right to.

          Still I’m one of those rare people who’s ego is as big as his head.

          With some justification of course
          LOL

        • #3247941

          No big head.

          by deepsand ·

          In reply to I’ll go with that

          In the strict sense of the word, you are correct.

          Since the company has no inate right to force you to work for them, but requires your consent for such, you are extending a privilege to them by accepting an offer of employment.

          Your head’s no bigger than mine.

    • #3248642

      Try SeqoiaView

      by jackson_robert54 ·

      In reply to Search Employee Computers

      Bypassing all the ethics stuff, if you need to know what’s on a computer try SeqoiaView. A neat graph of the partition. You can colour code for the file types you are concerned about. Clicking on the colour gets you the path to the file. It’s also a great way to see what is hogging disk space.
      http://www.win.tue.nl/sequoiaview/

    • #3247843

      Automate

      by rohitsahai ·

      In reply to Search Employee Computers

      Hi All,

      Most of the maintenance activities can be automated. e.g Internet cache can be deleted while someone closes the browser. This can be configured on IE and there are many ways of doing it. You can do it thru group policies.

      You can create standard desktop images (or follow a process for all installations) where in you customize all Temp variables to say D:\Temp. Then all users’ temp data is in this folder and not embedded in their profiles, making it much easier to manage.

      Also there are tools like network file locator for windows and ‘whereis’ for DOS. I’d used whereis very effectively on DOS envn as it support the action on the searched file. So I can search for say *.tmp (using batch files) and delete in the same command – No manual intervention

      I guess one has to build little tools as per the specific need.

    • #3261471

      Jndex.dat

      by ka4nmx ·

      In reply to Search Employee Computers

      Do a Google search for Index.dat Viewer. A free index reader that will get all kinds of info quick and eaisly. I use it almost daily.

    • #3261046

      what would your momma think?

      by shawn.reinhard ·

      In reply to Search Employee Computers

      We have 2 policies in place:
      1 is a logon banner that spells out acceptable use
      2 when new employees start, when I explain policy 1, I tell them that if their momma can’t watch over their shoulder when they surf, they better save it for home in the dark.
      As for monitoring, between GFI and ISA logs/reports, we see it all……

    • #3241305

      TOTALLY ACCEPTABLE

      by zczc23119 ·

      In reply to Search Employee Computers

      The matter of sending Data Security is you job. that do not possess all informative content on behalf of the company , as you say take up company time as far as processing, company money as far as HDD storage, as quite rightly as you say clog up you message server which belong to the company.

      I have even gone to the extent of NEVER permitting company owned resources to the application of MP3s, or games of any kind nor Hotmail or private emails. You are employed by the company to act as their administrator and it is your responsibility to ensure ALL company assets are used for company purposes.

      In my country, NON US, virtually NO one has total freedom to surf web sights as this is a pure waste of company assets, time and infrastructure.

      Put you case forward in plan simple terms to the CEO and give the CEO and actual Dollar figure what this what the cost is for HDD storage is costing his company.

      As you are changed with the position of administering the company IT infrastructure its is your RIGHT to withdraw the offenders right to send ALL activity until you can place in simple dollar figures the cost to the CEO of what people are costing the company, not only n IT infrastructure but in lost staff productivity. Good luck this is what your job is all about.

      You control access to the internet/LAN and am employed by the company to act in the companies best interests ? so go forth and fulfill your position authority empowered to you by the nature of your employment.

      As for a software solution I think you should install Novell Small Business Edition 6.5, it gives you all this administrative authority, and will automate software installations as well as upload all the data in the My document folder from the client to the servers my document folder of the user, where the data should be, upon connection whether it be via VPN or cable or I hope not dialup.

      Good luck and check it out. It?s less than half the cost of MS SBS 2003 and you wont need to change any hardware and you get far superior control over email, you can actuall see the history of an email, what time it was sent, what time it was read or deleted or forwarded and the user cannot stop history being recorded.

      Good luck

    • #3240670

      Speaking about productivity

      by crosu ·

      In reply to Search Employee Computers

      From what I understand your philosophy is ?the employee is the enemy? that must be exploited in your favor. Speaking about productivity wouldn?t a lot cheaper to do this monitoring stuff from China? Why not to use contractors to solve in a lot more professional manner network problems whenever they appear rather then paying an IT spy?

    • #3240663

      Speaking about productivity

      by crosu ·

      In reply to Search Employee Computers

      From what I understand your philosophy is ?the employee is the enemy? that must be exploited in your favor. Speaking about productivity wouldn?t be a lot cheaper to do this monitoring stuff from China? Why not to use contractors to solve in a lot more professional manner network problems whenever they appear rather then paying an IT spy?

    • #3254719

      Bad Idea – Temp Internet Files

      by tajohnson ·

      In reply to Search Employee Computers

      With a few exceptions, most people know how to delete their temp files and cookies, and clear their history. Depending on what line of work your business is in they might have accidently “stumbled” across such content. I believe that if a person was doing something worth monitoring, they’ll know how to cover their tracks. I suggest looking into a program.

      • #3181446

        Most don’t know how to find all…

        by deepsand ·

        In reply to Bad Idea – Temp Internet Files

        they’re temp file & cookies.

        Most believe that by using the functions provided via IE Properties panel they’ve gotten all; in fact, such are scattered across any number of sub-directories, not all of which are obvious to the curious.

    • #3179651

      Semi- Related

      by andwhy81 ·

      In reply to Search Employee Computers

      As some of you might have read.. i am the only IT guy here at a small company with NO security policies. I was wandering if anyone knew some links (maybe here) about writing policys or mayby templates or something.

      • #3170062

        Search here at TR

        by deepsand ·

        In reply to Semi- Related

        Over the past year or so I’ve seen a number of references to downloads of the nature that you’re seeking.

Viewing 56 reply threads