ࡱ> *Y bjbjWW ==]fffffffzzzzz z$zn f&ff&&&:ffzzffff&&iff 0zzF Report from ACPAC Work Group: Implementation of NT Authentication This is the report of the ACPAC work group on NT Authentication. The work group consists of Ben Dadson (College Technology Manager), William Bell (Student Congress Representative to ACPAC), Paul Greiggs (TSC-Operations Coordinator) and Mark Piwinsky (Vice Provost). Why is Authentication Necessary? Helps assure that IUP computing resources are being used by those entitled to these services. Without authentication, non-IUP individuals can use computing resources without authorization. As computing resources are limited, this essentially reduces access for IUP students. State auditors are also increasing their calls for universities to take steps to prevent unauthorized use of their resources. Authentication will provide students access to their home directories and, when they are implemented, to new course (project) and web directories. Comments: Student Home Directory service is in place on the server end and several areas are beginning to use it in their classes. If a client machine is setup to authenticate to a Master Security Domain account, and issues the NET USE H: /HOME, the student will be connected to their home directory. Password Changes A major concern with authentication is students forgetting their passwords. Two recommendations are made to address this issue. Recommendation #1 - Password changes will be processed during normal service hours by the Technology Services Center. College Technology Managers will work with the TSC to develop a call-in mechanism so a CTM can request changes by phone. Comments: This is a continuation of existing procedures. College Technology Managers can call TSC-Operations and have a password reset. Students can also have their password reset at the Dispatch Window in Stright Hall. A Photo ID is required for all password resets. Comments: In the NT-domain, the ability to change passwords applies to all passwords. For security reasons, the number of individuals with the ability to change access is very limited. Given the need to protect faculty and student materials, student records and administrative data, the group concurred that this approach should be continued. While some third party tools may allow limited access for password changes, these are expensive and would not be the best use of limited resources. Recommendation #2 Generic log-in accounts would be created for the central labs and, at the discretion of each college, for college/departmental labs. These generic log-in accounts will exist in resource domains that are managed by the Colleges or ATS so they can control the use of these generic accounts. Comments: When the TSC is closed, students who forget their passwords could be provided with access to general resources via these generic accounts. This would not provide access to user-specific services such as home or course directories. An IUP photo ID would be required to obtain access to a generic account. These could be handled by the staff at a particular lab. College Technology Managers would change passwords on these generic accounts on a regular basis. This procedure was seen as an acceptable and cost effective option by the work group. Open Issues The College Technology Managers and ATS would be asked to examine and make a recommendation on the implementation of roving profiles. The implementation of roving profiles is an issue than involves the Windows Client. Implementation Schedule The Work Group recommends that student NT Authentication be implemented in time for the start of Fall 2000. Usernames for all students was incorporated into the IUP Master Security Domain in Fall 1999 and has been used by some Colleges on a limited basis. !#GJXyi } Z c k l u ] n 5CJ>*CJ5CJCJCJ>*CJ!#GHIJVWXyzh i Y Z k l  & F!#GHIJVWXyzh i Y Z k l [ \ ]  0l [ \ ] / =!"#$% [$@$NormalmH 8@8 Heading 1 $$@&5CJ6@6 Heading 2$@& 5>*CJ6@6 Heading 3$@& 5>*CJ<A@<Default Paragraph Font.B@. Body Text5CJ l   <D,3IJ  m  Mark Piwinsky<\\ADMS0100\PROVOFF$\Admin\Acad Computing\ACPAC - NT Auth.doc Mark Piwinsky8C:\WINDOWS\TEMP\AutoRecovery save of ACPAC - NT Auth.asdTSC'C:\WINDOWS\TEMP\ACPAC - NT Auth PMG.docTSC<C:\WINDOWS\TEMP\AutoRecovery save of ACPAC - NT Auth PMG.asdTSC<C:\WINDOWS\TEMP\AutoRecovery save of ACPAC - NT Auth PMG.asdTSC"C:\tempdir\ACPAC - NT Auth PMG.doc Mark Piwinsky'C:\WINDOWS\TEMP\ACPAC - NT Auth PMG.doc Mark Piwinsky>\\ADMS0100\PROVOFF$\Admin\Acad Computing\ACPAC - NT Auth 2.doc Mark Piwinsky>\\ADMS0100\PROVOFF$\Admin\Acad Computing\ACPAC - NT Auth 2.docJ. R. McFerron+C:\My Documents\acpac\ACPAC - NT Auth 2.doclq  hhOJQJo(lq@Tt`@G:Times New Roman5Symbol3& :Arial"phsGsGϋD&$6 !20Report from ACPAC Work Group: Mark PiwinskyJ. R. McFerronRoot Entry0@NYH  D  F! pFi:+1Table@T`HWordDocumentI`@<@@QiSummaryInformation(  ! ACPAC FileArchived ACPAC FryF! B3t+ile#@T`HWordDocumentI`@<@@QiSummaryInformation(4 DocumentSummaryInformation=`@8@ TCompObjl@jObjectPool@.00<@ @T@At@<@WS\Desktop*.*NT-auth$cbennett Mr. Christopher G. Bennett$cbennett Mr. Christopher G. Bennett ՜.+,D՜.+,|8   ,  Report from ACPAC Work Group: Title$,     $08@px _PID_GUIDEktContentID64EktContentLanguageEktFolderId64 EktQuickLinkEktContentTypeEktFolderName EktCmsPath EktExpiryType EktDateCreated EktDateModified EktTaxCategory EktCmsSizeEktSearchableEktEDescriptionekttaxonomyenabledEktShowEventsAN{78701760-5998-11D4-B243-005004605192}`X ;DownloadAsset.aspx?id=88160e@ks@tZArchived ACPAC File tt cbennett$Mr. Christopher G. Bennett cbennettArchived ACPAC FileArchived ACPAC F ՜.+,D՜.+,|8   ,  Report from ACPAC Work Group: Title<D    $ 0<D\LT _PID_GUIDEktContentID64EktContentLanguageEktFolderId64 EktQuickLinkEktContentTypeEktFolderName EktCmsPath EktExpiryType EktDateCreated EktDateModified EktTaxCategory EktCmsSizeEktSearchableEktEDescriptionekttaxonomyenabledEktShowEvents EktInPermAN{78701760-5998-11D4-B243-005004605192}`X ;DownloadAsset.aspx?id=88160e@ks@tZ Summary ArchivedileEktTaxCatego ),Root Entry0@NYH  D  F! /3t+1Table@T`HWordDocumentI`@<@@QiSummaryInformation(4DocumentSummaryInformation=`@8@ CompObjl@jObjectPool@.00<@ @T@At@<@WS\Desktop*.*   !"  FMicrosoft Word Document MSWordDocWord.Document.89q Oh+'0`h 0$ 8T@ @R9@@$6 NT-auth$Mr. Christopher G. Benne