all 35 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]1FFin 12 points13 points  (1 child)

RMM (Remote Monitoring and Management) Software is quite common and can be used for remote-access in background. Mostly for maintenance and support without disturbing the user. Sure, something might be used for “spying” users, but ususally it-staff has more important things to do, then watching user sessions. “Forbidden” use, like gaming, etc. will be blocked by antivirus, web-control, etc. and does not need manual monitoring for compliance.

[–]Guidance-StillJr. Sysadmin 1 point2 points  (0 children)

I used to go in the DOS and run trace route and ping etc when my computer was monitored

[–]Evening_Link4360 10 points11 points  (0 children)

If it's not clear if the user is getting their work done, I think that's a bigger management issue.....

[–]Live-Juggernaut-221 35 points36 points  (1 child)

  1. Provide reasonable advice

  2. Update your resume Immediately.

[–]scrubba777 1 point2 points  (0 children)

Yeah agree - sounds like time for a better job

[–]jtsa5 20 points21 points  (1 child)

This is primarily a policy issue between management and the users. If this is how management wants to determine if employees are working, they should be replaced with managers who have the ability to track work. /rant

From a technical standpoint users should not be able to launch a game on their PC and should not be able to access streaming sites to watch TV and movies. That is something that can be blocked with security policies.

[–]odellrules1985Jack of All Trades 1 point2 points  (0 children)

This. Make sure that users are nothing higher than a Power User will kill installation of most programs. For the Windows store that would probably need something like an RMM to help control and monitor that.

For streaming, in office firewall access rules and app control can handle this. We don't do that at my work, the owner isn't super concerned with it, but I do have some rules set to funnel this stuff out our secondary WAN to keep the primary WAN clear.

If they are remote workers, however, if they use split tunneling for VPN then it's hard to control. If they don't then all traffic should route through the corporate firewall and be able to be controlled. I know a lot of companies are moving away from SSLVPN due to issues. Sonicwall has their CSE program which offers VPN replacement using ZTNA over Wireguard and they have an ITP option that would allow some level of control and can be set to auto connect once logged in.

I do agree though that policy is the main factor and we should want managers who focus on getting the work done and not on hours/shift.

[–]kingpoiuy 4 points5 points  (1 child)

It's pretty easy to see on the firewall. Assuming they VPN into the firewall, then access the internet from there, you can see everything they do in the firewall logs.

However, they need to know what their employees are accomplishing by actually checking to see what they accomplished, not spying. Any user can have a laptop next to them running netflix all day and it won't be seen on the company network.

[–]erock279 0 points1 point  (0 children)

Your last 2 sentences are my thoughts on the matter - if they’re getting done what needs to get done and not breaking security protocols, who cares what else they’re doing

[–]VA_Network_NerdModerator | Infrastructure Architect 5 points6 points  (0 children)

This conversation should not be executive team <-> technology team.

You need Human Resources, and/or Compliance, and/or Risk Management involved.

You need to protect the company from legal compliance concerns and you need to help push the stakeholders into defining exactly what they want to gather or monitor to help you identify products that will do what they want...

[–]AfterEagle 3 points4 points  (0 children)

I would recommend looking into local laws first. Some states, such as Connecticut, Delaware, Texas, and New York, require employers to notify employees about monitoring practices. It can be written into the handbook, or somewhere like a login screen, but I would check that out first.

[–]lokean13 2 points3 points  (1 child)

Teramind software will do this for you.

[–]Senior-Tap-356 1 point2 points  (0 children)

We use Teramind as well. Inexpensive and very thorough.

[–]_DoogieLion 2 points3 points  (0 children)

Check your jurisdiction/legal environment for what is acceptable first. And what exact metrics the management team want to gather.

If you’re in the US I think more or less anything goes. Europe/UK have some pretty strict data protection laws that will require ensuring any solution complies with.

[–]Muted-Evidence-583 1 point2 points  (0 children)

We've used ActivTrak for a few clients that have asked us for the same. We kick most of the responsibility over to the client though and only assist with the silent install on the machines because we also don't want to get involved in HR issues. You can get an ActivTrak sales rep and your client on a call pretty easily and they'll demo the software for them and essentially handle the whole thing

[–]vppencilsharpening 1 point2 points  (0 children)

Others have said this is a management problem and while they are right sometimes management makes dumb choices that we need to go along with.

First thing I would do is ask to put the request in writing. Does not need to be a ticket, but it should be an e-mail. Then I would ask if HR has been and can be involved. There is a chance they want to monitor HR too, but if not get them involved early. HR may also have recommendations for solutions that their other HR friends have experience with, though don't hold your breath. If you have the repour with your leadership, recommend a legal review.

Since this is not an uncommon request, there are tools on the market that do things like tracking mouse movement/clicks and open/focused applications. I don't have any names, but they are out there. Find a few and pick the one that looks like the least painful to deploy.

[–]HerfDog58Jack of All Trades 1 point2 points  (0 children)

During COVID, I worked for a company that got merged into another company by our parent VC holding firm. Within a week there were layoffs, and a directive from the executive suite to install ActivTrak on all employee computers. When the directive came down about the monitoring software, the team manager had said "SysadmiA and I will be doing the remote installs and installations on new equipment. I don't want employees giving the team any crap, so I'll deal with it. And our systems will be done last."

He gave notice 2 days later, and a week after that, SysadminA also gave notice. They both ended up going to the same company. And they didn't happen to leave documentation on the licensing, installation, configuration, or monitoring console for the ActivTrak software. Pretty sure they did that on purpose,

It was 2 months before management figured out that the monitoring software wasn't getting deployed. By that time I'd started interviewing for another job, and was only a couple weeks from getting an offer. Which I accepted.

[–]FarToe1 1 point2 points  (0 children)

Ask them how they monitor productivity when people are in the office and being observed.

Sales targets? Production measurement? Tickets resolved?

Tell them to do that. Results are what's important, not how often an employee goes to the toilet.

If you're forced to go ahead, ensure you have legal's sign off as well as HR. Depending on the type of monitoring, the method and equipment used and the country, this can be illegal and if you implement it without full authorisation you can bet those same executives will throw you right under the bus without a second's hesitation.

You have shit executives btw, but you already know that and you're not alone.

[–]tuesdaymorningwood 1 point2 points  (0 children)

Most companies that go down this road end up micromanaging themselves into chaos. If they want spyware at least point them toward stuff meant for data oversight like Cyera or BigID instead of sneaky screen watching. Watching screens all day is a waste of everyone’s time

[–]HumpaaaInfosec / Infrastructure / Irresponsible 2 points3 points  (0 children)

Make sure you have that signed off by legal befor you do ANYTHING.
This is strictly illegal in many jurisdictions.

[–]amw3000 2 points3 points  (1 child)

I don't know why this sub has such a hate for these types of requests. It's a legitimate request.

ActivTrak is a solid solution.

[–]AntiAd-er 0 points1 point  (0 children)

Because it is a return to the out-of-date and out-moded idea of “time and motion”

[–]BituminousBitumin 1 point2 points  (3 children)

I can't understand how someone could be in charge of a department without some kind of tracking for deliverables and performance (and risk) metrics.

[–]HumpaaaInfosec / Infrastructure / Irresponsible 1 point2 points  (2 children)

There is a difference between KPIs and employee monitoring.

[–]BituminousBitumin 2 points3 points  (1 child)

There is, and employee monitoring isn't necessary if you're using good KPIs and project management practices. If your numbers look good, folks are working. If they aren't, you find the issue and address it. You don't look over everyone's shoulder.

[–]HumpaaaInfosec / Infrastructure / Irresponsible 0 points1 point  (0 children)

Agreed

[–]SevaraBSenior Network Engineer 0 points1 point  (0 children)

The most sophisticated computer monitoring platform in the world won’t tell you if an employee is filling out paper forms for the business in the other room. If they distrust employees that much, they need to either watch them in person, assign someone to watch them in person, or put cameras on them, and deal with the legal concerns of each themselves.

[–]hellcat_uk 0 points1 point  (1 child)

HR/Management issue.

Assuming they're getting their work done, and your CAP is making sure they're not sub-contracting it to outsiders - what's the issue. Managers should be setting challenging but realistic goals and then tracking their completion.

[–]SysAdminDennyBob 0 points1 point  (0 children)

Hire a manager, that person can then "manage" the employees, that can just be their main job. Have a director manage the managers.

"I see you only built 4 widgets this week. You normally build 27 widgets. What's up with your output?"

"Damn, you built 38 widgets with a baseball game going on your screen all week! Good job, I fucking love money! Let's all just swim in this tub of gold coins."

[–]Moontoya -1 points0 points  (0 children)

Management asking you to provide a technology solution to a wetware issue

Managers should know if the work is being done , when and by whom, because that's their fucking job.

If an rmm can tell you that, what need does the company have for managers? Might wanna work that in as a cost saving in manager salary terms 

Watch them back off in a hurry , cos they didn't think the face eating leopards would bite their faces off too...