How can I monitor my employees desktops? Is it legal? Where is the line…? Video monitoring or a key logger?
As for legal advice – lawyers we isn’t. So this is just speculation and our experiences. You know how we get down and obviously if you are worried consult a qualified attorney. Happy uncle Saul???
We FEEL that as the company (the man) who owns the PC and the bandwidth (resources) you SHOULD be able to monitor your employees (the slaves) to protect the integrity of your network. How else could you tell the difference between someone downloading kiddie porn and power point documents?
Different states and countries have different laws and statutes for this. Now if you send out an official memo and required your employees to sign it stating that they are aware and agree to the company’s monitoring policy or not use it at all (get fired or quit), you SHOULD be covered.
Alright now we got the legal crap out of the way lets get down to monitoring (spying) the slaves.
You need a service or an app on every machine you want to spy on and a console to access it from. We have tried big brother, dame ware, and vnc among others (Timbuktu on the Mac). It depends on how stealth you want to be, the size of the footprint, and what you want to do once you are connected.
Do you want to use their web cam to see them? Or how about just see their screen or IM windows?
Sparked your interest yet young Admin?
Remember you can use your knowledge for good or for the dark side…
Running AD? Are you a domain Admin or have the local machines root password (Admin access)?
If not chances are you are just looking to stalk you ex-girlfriend. While we have no qualms about that…Maybe another time :)
Are you monitoring your employees? Are you using a free application? Put us on and stay tuned for the follow up post!
July 26, 2007 - 12:21 pm
As long as you have a written policy that every employee must see and sign, as well as see and sign after there are amendments to it, then you are entitled to monitor the computer access in any manner that you see fit to do.
That is essentially what our legal counsel told us.
Also, having researched this, there is cases after cases of people trying to sue employers for monitoring and pretty much every time the employer wins.
Here’s the gist of it. The employer own the machine and the network connection, therefore they are liable for all contents traversing that network and residing on the machines, be it servers or desktops. Therefore the company must protect itself against the liability and can use any manner necessary and employees are should have no reasonable expectation of ANY privacy with a corporate machine on a corporate network.
Click to Reply to This Comment.
July 26, 2007 - 12:32 pm
All excellent points but we want to stress that because Sloth and I have similar setups this might not apply to you.
Certain industries (Health Care, Gov’t Offices, etc.) That this will not fly in – chances are people in these categories have their hands full with other mandatory computer policies like data retention and password age.
Certain rules need to be followed in certain circumstances – how are you dealing with this and do you have any recommendations or suggestions?
Click to Reply to This Comment.
July 26, 2007 - 12:55 pm
I didn’t say we actually did this, because we don’t. Only one time in 6 years did I have to snoop on someone at my current employer, but we reserve the right to! ;-)
You do hit on a good point though Karl, about how HIPPA, Sarb-Ox, and the new electronic document discovery rules for litigation has placed an undue strain on IT and taken us away from internal security which is at times much more important than perimeter security.
It is a difficult balancing act we have as IT Admins. Fortunately at my company, if someone is slacking and wasting time online, they are identified early by their supervisors long before I have to get involved and they are shown the door.
Click to Reply to This Comment.
October 8, 2008 - 7:24 am
I kinda feel like this article is half finished. Yes, as an admin I’m looking for ways to do this on the cheap since my company doesn’t wanna spend money, yet complains when we can’t, and VNC is too obvious, so I was hoping you’d have other solutions and more information, but you stopped right as you started asking questions that peaked my interest as to what might be available.
You also began the article showing several apps you’ve tried, leading up to the fact that you may have found something better, then just stopped. Will there be a follow up to this?
Click to Reply to This Comment.
Karl L. Gechlik | AskTheAdmin.com Reply:
October 8th, 2008 at 7:38 am
Yes there will be a follow up article Mike and we would love to hear what our users are doing as well. Stay tuned.
Click to Reply to This Comment.
October 8, 2008 - 8:18 am
We are using radmin at work. Without passwords (which brings security below zero). Don’t look at me, I am not the one who made and enforced such… interesting setup. :)
Click to Reply to This Comment.
October 8, 2008 - 8:20 am
i have a tool, but using it more than a once in a long while is cruel and therefore i will not share it.
Click to Reply to This Comment.
October 8, 2008 - 4:34 pm
I used Spector Pro on one occassion where we believed an employee was stealing company data. It showed that they were and they were fired for it. I wasn’t directly involed in the firing, but I’m sure the data it collected made it a pretty open and shut case.
It’s really scary how much data it can collect.
My understanding is that once you have a monitoring policy in place and employees agree to it, you can legally monitor at will but you need to treat the whole thing like wiretapping. You can monitor for specific events or when you believe there is unauthorized activity going on, but you can’t monitor specific employees “just for the hell of it” and you can’t continue to monitor what you know to be personal data and communications.
Click to Reply to This Comment.
October 9, 2008 - 8:57 am
we use big brother.
Click to Reply to This Comment.
October 9, 2008 - 12:56 pm
I use this little gem off of sourceforge called Advanced Remote info http://sourceforge.net/projects/ari/.
Can be fiddly at times but gets the screenshots I need when I can smell that they are up to no good.
Click to Reply to This Comment.