STS and MLS Security

Discussions around using and interfacing with the Church MLS program.
russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

STS and MLS Security

Postby russellhltn » Wed Aug 13, 2008 10:15 am

From the Desktop 5.5 Instructions:

Log on to the computer, using the user name CLERK (in all capitals, as shown here) and the password [redacted]. This is the computer administrator account. It is also the only account to be used to run MLS. Please do not allow this username or password to be changed.
[...]
Do not create Windows nonadministrator accounts for anyone who will use MLS. Any attempt to transmit MLS data from a nonadministrator account will result in transmission difficulties.


and from Nonstandard Computer Instructions

If you install Windows XP professional with service pack 2 on the computer, As Windows is being setup and asks you to establish an administrative user account type CLERK (in all capitals, as shown here for the user name) and the password [redacted]. This is the computer administrator account. It is also the only account to be used to run MLS. Please do not allow this username or password to be changed.


These instructions can be found at mls.lds.org. The STS has the password.

As much as it disturbs me to have all users run with administrative rights - first, it's not my call. Secondly, as much as I've been successful at work and at the FHC in getting software to work with lower user rights, there's just too many unknowns during send/receive to be able to do so safely.

james_francisco
Member
Posts: 76
Joined: Thu Feb 08, 2007 9:42 am
Location: Arizona
Contact:

Postby james_francisco » Sat Aug 16, 2008 11:36 am

There is no real need for Ward Computers to run as Administrator. The 'power user' account level gives a ward clerk all of the system access needed to function. That is because it is really a limited adminstrator account. Also MLS send/recieve has no problem running under Power User status. I've verified this over the last two months after changing all Clerk accounts to power user accounts after two systems events in a week which required complete reinstallation of MLS in two different wards.

The Stake Technology Specialist is personally responsible for Information systems security in the stake. Understandably, the instructions for installation of desktop 5.5 where the clerk account as administrator discussion is printed is designed for an STS with basic computer skills. Where the STS has the ability to make the stake system more secure without compromising MLS functionality and without changing the workflow of ward clerks and officers, they should certainly consider doing just that.

It is important to note that the 'clerk' account is not the one that may eventually be used to implement push updates from church headquarters. There are other system accounts installed that are intended for that purpose.

RussellHltn wrote:
As much as it disturbs me to have all users run with administrative rights - first, it's not my call. Secondly, as much as I've been successful at work and at the FHC in getting software to work with lower user rights, there's just too many unknowns during send/receive to be able to do so safely.

russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sat Aug 16, 2008 11:53 am

James_Francisco wrote:The Stake Technology Specialist is personally responsible for Information systems security in the stake. Understandably, the instructions for installation of desktop 5.5 where the clerk account as administrator discussion is printed is designed for an STS with basic computer skills.


I disagree. If that were the case, then the Desktop would have shipped that way and/or the instructions modified appropriately. It's really not that complicated to do.


James_Francisco wrote:It is important to note that the 'clerk' account is not the one that may eventually be used to implement push updates from church headquarters. There are other system accounts installed that are intended for that purpose.


Yes, there are other accounts in the Desktop Image. But to my knowledge they've never been used. Also, for machines not using Desktop, I don't think there's anything in the instructions that would cause them to be created.

While Power User is sufficient for installing/updating applications, it's not sufficient to install any updates to the operating system itself. All that has to happen is for the church to decide to push down a setting or a small update and "Power User" will fail.

Last, but not least, what you propose is contrary to the written instructions we have been given and so far I've gotten nothing from any other official source supporting doing anything different.

It does grate on me letting everyone have admin access. If it wasn't for the wildcard of not knowing what the church is going to push down, I would have down graded it to just "user" like I have the FHC machines or the machines I'm in charge of at work.

If the machines are compromised because I followed instructions, so be it. I've got it in writing, so my backside is covered. :D So I just tell myself "well, it's their machines", apply a therapeutic dose of apathy and move on. ;)

james_francisco
Member
Posts: 76
Joined: Thu Feb 08, 2007 9:42 am
Location: Arizona
Contact:

Postby james_francisco » Thu Aug 28, 2008 7:04 pm

Coming back to this after a busy couple of weeks: In Stake technology specialist roles and responsibilities at Clerk.Lds.org it says:

"You ensure that all computers, software, and confidential Church information are secure, are protected from viruses and improper use, and that data files are backed up regularly."

This tells me that I am personally accountable for system security of the computers in the buildings that I am responsible for supporting.

RussellHltn wrote:I disagree. If that were the case, then the Desktop would have shipped that way and/or the instructions modified appropriately. It's really not that complicated to do.

lajackson
Community Moderators
Posts: 6144
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Postby lajackson » Thu Aug 28, 2008 7:40 pm

James_Francisco wrote:This tells me that I am personally accountable for system security of the computers in the buildings that I am responsible for supporting.


I agree, except that I have come to accept that I am only responsible with the tools CHQ gives me to use. In other words, there are things I might do if I were actually running the show (such as not having everyone login with the same admin account on the desktop).

But I am fine with following the security instructions from SL, and then having them fix the problems those instructions create. They don't like that last part, but I hold them to it, and they do make changes from time to time.

There is nothing quite as liberating as reminding the help desk that I did exactly what they told me to do. (It gets you to the next level of support faster, too.)

russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Thu Aug 28, 2008 9:19 pm

James_Francisco wrote:Coming back to this after a busy couple of weeks: In Stake technology specialist roles and responsibilities at Clerk.Lds.org it says:

"You ensure that all computers, software, and confidential Church information are secure, are protected from viruses and improper use, and that data files are backed up regularly."

This tells me that I am personally accountable for system security of the computers in the buildings that I am responsible for supporting.


And so you're saying that requires you to disregard clear written instructions quoted in Post #1?

I fail to see how you can be held personally accountable if you've followed all instructions faithfully and haven't ignored any clues that things are not working right.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

james_francisco
Member
Posts: 76
Joined: Thu Feb 08, 2007 9:42 am
Location: Arizona
Contact:

Postby james_francisco » Fri Aug 29, 2008 12:38 pm

Perhaps we're getting off track here. A discussion of the scope and limitations of the duties of a Stake Technology Specialist probably belongs somewhere else. The buzz in these forums is that MLS 2.9 has a security model that is quite different from what local leaders are used to dealing with. If that is the case, as the STS for a stake that has not yet been introduced to the new security model, I'd like to see some concise help files that I can share with the usual suspects in the stake to prepare them for the new regime.

RussellHltn wrote:And so you're saying...

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Fri Aug 29, 2008 12:50 pm

James_Francisco wrote:The buzz in these forums is that MLS 2.9 has a security model that is quite different from what local leaders are used to dealing with. If that is the case, as the STS for a stake that has not yet been introduced to the new security model, I'd like to see some concise help files that I can share with the usual suspects in the stake to prepare them for the new regime.


I guess I'm missing the "buzz." I haven't seen anything about a change in the MLS security model introduced with version 2.9.

The only change that I can see as being somewhat related to the "security model" is that MLS now requires MLS users to be associated with a member record (except for out-of-unit administrators). Is this what you are referring to, or is it something else?

russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Fri Aug 29, 2008 1:27 pm

James_Francisco wrote:[size=84]Perhaps we're getting off track here. A discussion of the scope and limitations of the duties of a Stake Technology Specialist probably belongs somewhere else.


Valid point. Our discussion no longer fits the title of the thread. That's an easy to fix. I'll take care of it tonight of no one beats me to it. (And they're welcome to save me the trouble. :D)

James_Francisco wrote:[ The buzz in these forums is that MLS 2.9 has a security model that is quite different from what local leaders are used to dealing with.


Maybe the security for MLS logins, but I've not heard any change on how Windows security is to be managed. And that's what we're discussing here.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

russellhltn
Community Administrator
Posts: 20767
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sat Aug 30, 2008 3:20 pm

OK, I think I've successfully forked this from the "MLS 2.9 Installation Problems" thread so we can continue to discuss the responsibility of the STS to data security.

You may want to re-read post #1 which is what started this.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.


Return to “MLS Support, Help, and Feedback”

Who is online

Users browsing this forum: No registered users and 1 guest