Operator Using Generic Logons For VMS Access

Good question. What you are describing is common and you've done a nice job expressing the issues involved.

The most common counter for VMS operators is "why does it matter?" I am not saying it does not but some organizations, it just does not rise to a significant enough concern to justify the hassle and complexity of everyone logging in and out all the time. If it was a retail store employee and a cash register, obviously different story.

The question I'd ask you is what risks do you face with a generic logon and how much would that cost / harm your organization is they occurred? If they prove to be that significant, then it is worth enforcing a policy on this.

I have seen this a few times, what the owner doesn’t care about, or recognize the need for, is having an audit trail of who did what and when. The problem will correct itself on the first incident that they have to figure the who, when, why.

I understand the desire to keep things simple for the users... I also understand the IT desire to keep things under control.

Seems to me that ESPECIALLY when you have AD control, it's a lot easier to lock things down to limit the users' ability to screw anything up (intentionally or otherwise).

You could also sharply limit the operators' abilities with the generic login to do anything in the VMS that would actually require later auditing - say, give it only the ability to view live feeds, but if they want to export or otherwise manage footage, they have to use their own logins. If your VMS has an inactivity logout feature, that could be used to switch it back to the low-impact "generic" account afterward.

Guess it depends on the VMS and the granularity of the account and group settings. I know with Vigil, for example, the default "user" account gives access to view live and recorded video, and to export video, but not much else, including no ability to shut down the system. For some sites I've created "manager" groups with access to some, but not all settings (in particular, those that would allow the tinkering type to accidentally mess something up). For others, certain cameras are locked out for user group accounts. Usually the server is set to login with this account at startup, then we'll configure an inactivity timeout of 15 minutes to log out any other account and log back in as "user".

Don't know what the budget is or how great the pressure is to enforce accountability, but have you considered any of the RFID single-sign-on options out there?

A long time ago, (+10 years), I was involved with a project inside a large data center where multiple admins move freely from console to console throughout the day, all logged in as root, with little accountability. As Rob mentioned it took only one incident before somebody decided to do something. That something was to use already issued employee fobs as sign-on credentials as well as their normal physical acccess control functions.

So readers for each machine. One thing that really made it work was the fact that it could just fast-switch between sessions, instead of the lengthy log-out, log-in, procedure.

I can't say it was a hit with the admins at first, but they did like the fact that they could see who did what, not just for finger pointing necessarily either.

I can't remember what vendor we used, but it was so long I doubt it means anything anyway.

Looking around today it seems that there are quite a few systems out there, many that work only on user proximity, with no swipe required. Like for hospitals and restaurants. Others work on BLE and smartphones, even biometrics, though they can get pricey.

I'm sure I'm not the guy that knows which one to choose, but maybe Brian or someone else can recommend one. One that came up a lot in searching is Xyloc from ensuretech. Their video is a decent overview of some the typical options: