[no subject]

[James Cooley <jcooley () FIT EDU>]

We've had some similar concerns about this in the past.  What we've done, is created a system comprised of two levels 
of student accounts.   An applicant is given a limited account in a separate organizational unit in our LDAP 
directories that only gives the individual access to the student information system to check on the status of the 
application, account balances, etc.   Once a student is accepted, and has paid their tuition deposit, this account is 
converted to a full student account.

--
James Cooley
Information Security Officer
Florida Tech IT Services
jcooley () fit edu




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tupker, 
Mike
Sent: Wednesday, July 01, 2009 1:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

Hello,

A situation has developed where a project lead/developer and a few departments are saying we need to give active 
directory accounts and email accounts to applicants. I was wondering if other schools give active directory and or 
email accounts to applicants?

The situation scares me to be honest. None of the details have been worked out that I know of, but the idea of giving 
email accounts to anyone who fills out a form online seems like a bad idea. It may be possible to lock down AD enough, 
but it still sounds like we are saying "Sign this internet form and get a login to our network. Have fun elevating 
privileges and sending spam!" I may be being paranoid about this but I wanted to get some of the community's thoughts 
on this. If I'm just being paranoid, feel free to say so. :)

Oh, and we also use google apps for our student email. It appears that the google apps for edu agreement does allow for 
giving account to non-students if desired.

Mike Tupker
Systems Administrator
Mount Mercy College