Question

Locked

SHOULD an administrator 'spy' on employees by logging in as the user

By Aussie Gal ·
I have tried to search around here (and Google) for the answer but failed. And I really need this answer if possible, please.

I know that as an Administrator of a small network myself, I can log into another user's account and find out exactly what they have been doing on the company computer. What I don't quite know is this - how ETHICAL/LEGAL is it?

Personally I would not do it as there was no reason to, no hint of wrong doing etc. But I was told another Administrator was asked to do this to the other Administrator, and of course didn't like having to do it.

Should they have done it, or should the manager have asked them to do it? I am in Australia so I am not sure if the law would be different here.

The manager is not an IT person, and may not know the ethical issues involved. And as I am still studying, I am unsure either. So I thought I would come to this great place and ask what you think.

I would appreciate an answer very much. Thank you!

This conversation is currently closed to new comments.

53 total posts (Page 3 of 6)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Answers

Collapse -

Thanks

by Aussie Gal In reply to my thoughts

The problem is there is only one Manager who knows little about IT. The person who was spied on is effectively the IT Manager lol, and I am the IT Volunteer. (Staff is very small.)

I think it is all about control and power.... I totally agree it is unethical, and the person who had to log the manager into the administrator's personal account, is having their own serious issues about it.

I am just lucky I am in a position to do something about this, once I fully understand what the right thing is. I am learning a lot, thanks to everyone here.

Collapse -

What is the WRITTEN computer use policy?

by jdclyde In reply to SHOULD an administrator ' ...

First, is there are reason you suspect the employees?

Second, is the suspected activity SPECIFICALLY listed as a "no no" in the computer use policy?

Third, what does your boss think of this activity?

Very thin ice to walk on, make sure you CYA at all times. If YOU log in as others, YOU could be breaking the policies AND/or invalidating any potential evidence as they can claim you did the activity when YOU were in their account as them.

Collapse -

We are writing the policy now....

by Aussie Gal In reply to What is the WRITTEN compu ...

I might have been misunderstood, but I am the other administrator, that would never do this to anyone. It is my fellow Administrator, who is the IT Manager that is the victim of this. And just a staff member, that the Manager forced to do this, so I was told anyway.

There is no policy yet, we are writing it. There is nothing saying the staff can not chat during lunch, and email during lunch. That is all the administrator was doing. So yeah, there was absolutely nothing to find.

The sad fact is, it has more to do with the ill will between the Manager (Director of whole small organization) and their subordinate IT Manager, than anything else.

It is the boss that had another user do it. And it was another user who logged in as the other Admin, not me. Though I am concerned my account could be compromised as well. what is to stop the Manager doing it to anyone?

If the Manager asked me to do it, I would say NO. But since I am a volunteer, I don't have a job at stake. I do understand the user who did it though as they had no choice.

I just need to find the proof, because the IT Manager only works certain days. So how can I find out (as I am still a student about to study Bachelor of IT) when someone else logged in as them the day they were not there?? I can't do anything without proof...

Thanks for your thoughts :-)

Collapse -

What OS are you working with?

by jdclyde In reply to We are writing the policy ...

If this is a Windows desktop, something as simple as looking at the Event Viewer will show if they system was active at that time, assuming the ADMIN in question has his system off when he is gone for multiple days.

Off the record and off to the side, you can inform the Admin of what you suspect, even if you have no proof to back it up. That will at least allow them to keep from being blindsided, and allow you to sleep at night.

Other than that, try to stay out of it, if at all possible.

Good luck with that.

Collapse -

A network admin

by boxfiddler Moderator In reply to SHOULD an administrator ' ...

should do whatever s/he needs to do to maintain a secure network. As long as what s/he is doing is legal, and within company policy.

Collapse -

I agree.. however....

by Aussie Gal In reply to A network admin

I believe that the Manager had the user log in as the Administrator's personal account, in hopes of getting 'bad' stuff on them. There was nothing to find. And it is one thing to have it done against just a user. But to do it against the IT Manager?????

Collapse -

If the IT manager is a problem

by boxfiddler Moderator In reply to I agree.. however....

who better to take down an entire company, costing how many people their jobs?

Collapse -

No

by nationjd In reply to SHOULD an administrator ' ...

If an IT administrator needs to check anything out on the account, he can usually access it by logging in as administrator and be able to check what files are on the system.

Also, if the IT administrator needs to login as the user/client he could in all actuality reset the password from the domain controller on their account. This other administrator/ manager is wrong for having the other employee's passwords, and should of course be audited and asked why he has them.

Collapse -

The Manager is the one who has and wanted the passwords...

by Aussie Gal In reply to No

It is the Manager who asked for the passwords and was given them... despite my and the other Administrator telling them that it is dangerous and being 'promised' they would not use the passwords.

I have, as I said, today told the users to change their passwords and tell no one. I will get in trouble for that, but I do have power to protect myself and the staff....

The thing is, right now I only have the word of the other Administrator that this happened, however, the 'user' who did it, seemed to allude to the fact that they did something they didn't want to do.. which makes me think, yes this did happen.

I just need to know exactly where I stand so I can try to make things right.

Thanks for your post.

Collapse -

pretty much

by .Martin. In reply to SHOULD an administrator ' ...

as the computers belong to the company, the IT admins can do that if they want, but i know I, and a lot of people on TR would not do this under an circumstances (except when the police come knocking on the door)

Back to Networks Forum
53 total posts (Page 3 of 6)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums