[no subject]

["Keslar, Chris" <crk4 () PITT EDU>]

Mike,



We create accounts for applicants so they can access their application in
our portal system, but nothing else.  We created a separate sub-portal
specifically for this purpose.  We do not give them access to email or any
other services.  There are then a set of business rules and processes that
manage the existence of the account.



On the backend the accounts exist in our Active Directory, but are in a
separate OU than our other user accounts.



[hris Keslar

Computing Services & Systems Development

University of Pittsburgh







From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tupker, Mike
Sent: Wednesday, July 01, 2009 1:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]



Hello,



A situation has developed where a project lead/developer and a few
departments are saying we need to give active directory accounts and email
accounts to applicants. I was wondering if other schools give active
directory and or email accounts to applicants?



The situation scares me to be honest. None of the details have been worked
out that I know of, but the idea of giving email accounts to anyone who
fills out a form online seems like a bad idea. It may be possible to lock
down AD enough, but it still sounds like we are saying "Sign this internet
form and get a login to our network. Have fun elevating privileges and
sending spam!" I may be being paranoid about this but I wanted to get some
of the community's thoughts on this. If I'm just being paranoid, feel free
to say so. J



Oh, and we also use google apps for our student email. It appears that the
google apps for edu agreement does allow for giving account to non-students
if desired.



Mike Tupker

Systems Administrator

Mount Mercy College

Attachment: smime.p7s
Description: