Re: Question on student user accounts

[Charlie Prothero <Charlie.Prothero () KEYSTONE EDU>]

Keystone College was wrestling with this a few years back.  ID's were
set up inconsistently, and we had no way to match a network or E-Mail
account back to its owner in our student recordkeeping system.  So, with
plenty of warning ahead of time, we deleted all of our existing student
user accounts and set up a table in our ERP system that contains fields
for student number and network userid.  Before each semester begins, we
run a query to see who is registered for classes but not in that table.
The mismatches get fed into another program that automatically generates
userid's with Exchange mailboxes according to the following standard:

- ID is comprised of first initial then last name (e.g. John Doe would
be jdoe) with the E-Mail address userid.keystone.edu
- If a generated ID would create a duplicate in the system, the program
automatically appends a 1 to the end of the ID and, if necessary,
increments that until an unused ID is found
- We do not intend to ever re-use ID's, as E-Mail intended for one
person could inadvertently be delivered to someone else
- We are also undecided on how long to leave an account live after the
student graduates (so far, we have not deleted any student accounts)

Once the ID generation cycle is complete, the table in the ERP system is
updated, and we're ready to go for the next time around.  

In order to keep employees separate from this process, we use a
firstname.lastname standard for them.  We're small enough that manual
processing of employees is relatively easy to keep up with.

- Charlie

Charlie Prothero
IT Director
Keystone College

-----Original Message-----
From: Mark Borrie [mailto:mark.borrie () OTAGO AC NZ] 
Sent: Tuesday, June 21, 2005 6:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Question on student user accounts

For quite a few years we have used 8 character names based on the 
first 3 characters of their surname, the first 2 of their given name and
a 
3 digit random number. (some users need a 4 digit random number)

The usernames are never reused and are associated with a user for 
ever. For students this username is used for theie email.

We also use a variation of this for staff, external users and role based

accounts.

The only problem we have is that certain names create interesting and 
potentially offensive usernames. This year we also had 2 users object 
to a username ending in 666. We have a process for in place for 
changing usernames in extreme cases but in 7 years we have only had 
5 complaints.

The standard naming we use has been so successful we see the 
names being used in places such as hotmail and other external sites.

Mark.

On 21 Jun 2005 at 10:37, Fretz, Kerry wrote:

> Our institution has been using a specific format for student network
accounts for many years. Our 
> format has always been the last name followed by a sequential number.
For example, we would 
> use SMITH11, SMITH12, SMITH13 with the email set as the same format.
After the user would 
> graduate, we would remove the accounts and eventually, the username
would be reused by 
> another incoming freshman. This has created some issues over the
years.
> I was just curious what you are using for the network username format
at your institution and what 
> you(tm)ve found that works well for you. Do you reuse network accounts
or do you have a unique 
> username for each student coming in?
>
> Any input is appreciated.
>
> Kerry Fretz
> Manager, Network & Systems
> Philadelphia University

-- 
Mark Borrie
IT Security Officer,
Information Technology Services, University of Otago,
Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080, Mobile +64 27 609-6409