Administrative Remote Access Software Policy
Department responsible: ITS Management Office
Adopted by: Admin Cabinet
Owner: Finance Office
Pertains to: All students, faculty and staff
Description: This policy provides Hamline ITS with the ability to resolve computer problems and to provide Hamline computer users with an understanding of their rights under the use of Remote Access Software.
To establish the appropriate use of administrative remote access software at Hamline University, to be used by the Hamline ITS department in conjunction with all computer users of Hamline University in providing support to them in response to their requests for assistance.
This policy applies to all students, faculty, and staff at Hamline University, and contractors that are affiliated with Hamline University on a temporary or permanent basis.
The remote access software applies to PC and Apple, desktop and laptop computers but does not apply to mobile devices due to limitations in mobile devices. The remote access software can be used on Hamline-owned equipment or on personally-owned equipment on campus and worldwide (Internet connection required). Hamline ITS will therefore be able to use this software to assist both employees and students, both on-campus and worldwide.
Purpose and Definition of Terms
Remote Access Software allows authorized individuals to “take control” of a computer across the Hamline network from another location, on or off campus. This enables the support staff of Hamline ITS (“remote technicians”) to diagnose and resolve technical issues without the need to visit a user’s computer in person. The ability to “take control” of a computer involves being able to see remote computer’s screen, operate its cursor, open software and make changes to the setup and functionality of the machine. The “taking control” happens when a “login session” is initiated with the remote computer. Use of this software is carefully managed by ITS and requires specific authorization and training before use. This policy establishes the acceptable use of Remote Access Software at Hamline University via a Code of Practice for Remote Access Software.
Remote Access Software Code of Practice
The use of Remote Access Software is permissible solely for the purpose of remote desktop support via authorized persons. Remote connection privileges will only be granted to authorized and trained computer support staff.
The remote technician will log in remotely only from authenticated, single-account services, where any session can be traced to a particular technician.
The Hamline ITS remote technician will only use the Remote Access Software if they have asked for and received permission from the user to initiate a login session wherein the technician will “take control” of the user’s machine. Before initiating a login session, the technician will notify the user in advance and explain to the user what the purpose of the session is.
Before “taking control” of a machine, the user must be contacted and a time arranged to perform the remote access. The user must be present in order for the remote technician to begin a login session.
The user should be asked to close any windows or files not relevant to the session before allowing their machine to be taken over, and to save any work that is undesirable to potentially lose.
Hamline ITS will ensure that the Remote Access Software is configured to a) require the user to use a mouse click to respond to the remote request in the affirmative, and b) to show with a visible identifier that a remote access sessions is taking place.
The technician will create a service ticket to keep track of the problem, steps taken, and the solution reached.
Remote support is provided purely for the maintenance of computer systems and is not to be used to verify that users are adhering to the policies which govern use of Hamline University computer systems.
Remote connections will only be made in response to a recognized user’s request made through normal ITS or departmental channels as appropriate. In the case of uncertainty concerning the jurisdiction of a particular machine, appropriate authorization will be obtained prior to proceeding.
Remote technicians will not browse systems that they access or attempt to gain access to data or areas of computers not associated with the reported fault or problem, unless this is specifically required to resolve the issue reported by the user and has been agreed to by the user.
In instances where the content of a file or communication appears to have been deliberately protected by its owner (e.g. by encrypting it), there will be no attempt to make the content readable except by the express permission of the owner.
Without the specific permission of the file owner, no activities will be undertaken which will result in the loss or destruction of information.
No deliberate alteration of data will be taken on a user’s machine, unless this is required by the user to resolve the reported issue, or is found to be an unavoidable consequence of recovering the user’s machine to a usable condition. Any necessary changes to user files will be made in such a way as to preserve the information. Any such changes made will be communicated to the affected user, along with the reason for the changes, as soon as possible after the event.
Remote technicians commit to maintaining confidentiality and undertake not to disclose to anyone any information viewed or accessed during remote control sessions, unless the information viewed is suspected of being contrary to the Hamline University’s policies. In that case, it will be reported to the technician’s supervisor for investigation.
After closing a login session, the technician will inform the user the session is closed, then review with the user what steps were taken and what changes were made. The technician will update the service ticket with the same information. Service requests resolved using Remote Access Software should be noted as such on the ticket before the job is completed.
Breaches of the Remote Access Software Code of Practice
The use of Remote Access Software for any purpose other than to assist the end-user
with a request for assistance with a computer problem is potentially a breach of trust from which all participants require protection. Any user who participates in the service and believes that a remote technician has failed to observe any aspect of this Administrative Remote Access Software Policy should report the matter to Hamline’s ITS Management Office. Similarly, if a remote technician is asked to use the Remote Access Software for any purpose other than to undertake support work at the request of the user, they should immediately report this request to the user’s supervisor.
Policy Background and Implications
This policy is to provide Hamline ITS with the ability to resolve computer problems in a more efficient manner, and to provide Hamline computer users with an understanding of their rights under the use of Remote Access Software.
Changes to this Policy
Hamline reserves the right to change this policy at any time. Hamline will post the most up-to-date version of the policy on Hamline's web site and may, at its discretion, provide users with additional notice of significant changes.
Related Policies and Links
If you have questions or comments please contact the ITS Management Office at firstname.lastname@example.org.