Thanks Lou. We've tried: - nagging emails - witholding expenses - witholding the whole dept's expenses if one person doesn't do their timesheets - nothing like peer pressure! - rewarding people who fill them in - when we used to use MailSweeper, we used to quarantine all their inbound and outbound email - every sent or received email would send them an email saying "this email has been quarantined - contact IT to release it" - years ago we tried blocking internet access at the firewall for those users, but with DHCP, it was a bit of a faff. - we also tried proxies etc and limiting web access (in a much more manual way that wasn't really workable)
None of these things work effectively - some of them don't work cross-platform - and most of them just mean someone other than the people who didn't fill in their timesheets has to do a load of admin which isn't ideal. IM might be marginally better than emails, but we outsource email to Google (for about 12,000 people - works excellently) and users have the ability to block certain senders, so those nags would quickly get silenced. I think Brian's solution is best - it'll only do it after a few days of outstanding timesheets - possibly even a week, so people can easily prevent it from happening if they keep reasonably up to date. (Thanks Richard for your variation on the suggestion too - redirecting all their web traffic will certainly give them an incentive). Thanks all, Nick. On Thu, Apr 5, 2012 at 3:14 PM, Lou H. Goddard <[email protected]> wrote: > It sounds a little user-hostile to chop someone's network access in the > middle of a session. You may end up with a lot of angry users telling > their supervisors that they couldn't get task X, Y, or Z done because IT > killed their session upon re-auth. > > Do they have access to IM? You could lock down the settings on the IM > client to make new IMs pop and take window focus in the GUI. Then, have > some program on the backend check timesheet status. If the timesheet isn't > filled out send an IM to the user every five minutes. > > This will nag them into doing it without doing something overly negative > to the user. > > Thanks, > Lou Goddard > Network Engineer > 302-552-8053 > [email protected] > > ------------------------------ > *From: *Nick Allen <[email protected]> > *Sent: *Thu, 4/5/2012 9:48am > *To: *Enterasys Customer Mailing List <[email protected]> > *Subject: *Re: [enterasys] Timesheets... > > > Good plan Brian - we'll have to give that a go. The AD group + policy with > re-auth sounds best. > > Cheers, > > Nick. > > On Thu, Apr 5, 2012 at 1:03 PM, Brian Anderson < > [email protected]> wrote: > >> A script could be built to look at a user in a database, if they haven’t >> put in the time for the day then drop them in an AD group. If your >> switches are set to re-auth the ports every x minutes or so, you can setup >> a policy with that AD group to move their port to a locked down policy. >> **** >> >> ** ** >> >> Another idea would be to query the database, and disable their AD >> account, however if they are dependent on AD to do their time, they would >> have to be re-enabled to do time and might ‘neglect’ to enter time.**** >> >> ** ** >> >> With the locked down policy, you could cut off internet or any resource >> except for the time application, perhaps redirect their browser to the time >> app if it is web based? J And when they did their time, your scripted >> job would re-query the database (every 30 min let’s say) and pull them out >> of that group, and port would re-auth and they would get their access back. >> **** >> >> ** ** >> >> If you have NAC, perhaps something creative could be done there.**** >> >> ** ** >> >> *From:* Nick Allen [mailto:[email protected]] >> *Sent:* Thursday, April 05, 2012 5:34 AM >> *To:* Enterasys Customer Mailing List >> *Subject:* [enterasys] Timesheets...**** >> >> ** ** >> >> Hi,**** >> >> ** ** >> >> A slightly odd question - but does anyone have any kind of policy applied >> that restricts network access depending on whether they've filled their >> timesheets in.**** >> >> So maybe something that looks the user up in a database, or - perhaps >> less useful - tests for AD group membership?**** >> >> ** ** >> >> I'm sure it's possible, but interested to hear any solutions - even if >> they're not specifically policy related - or even Enterasys related.**** >> >> ** ** >> >> I work for a creative agency where timesheets are required, but people >> are awful at filling them in.**** >> >> ** ** >> >> We've had various carrot and stick approaches over the years but nothing >> that works for everyone, or for every OS - we have a mix of Mac (90%) and >> PC (10%).**** >> >> ** ** >> >> Thanks,**** >> >> ** ** >> >> Nick.**** >> >> ** ** >> >> -- **** >> >> This e-mail is intended only for the named person or entity to which it is >> addressed and**** >> >> contains valuable business information that is proprietary, privileged, >> confidential and/or**** >> >> otherwise protected from disclosure. If you received this e-mail in error, >> any review, use,**** >> >> dissemination, distribution or copying of this e-mail is strictly >> prohibited. Please notify**** >> >> us immediately of the error via e-mail to [email protected] and >> please delete**** >> >> the e-mail from your system, retaining no copies in any media. We appreciate >> your cooperation.**** >> >> ** ** >> >> ** ** >> >> ** ** >> >> **· ** --To unsubscribe from enterasys, send email to >> [email protected] with the body: unsubscribe enterasys >> [email protected]**** >> >> **· **** ** >> >> >> - --To unsubscribe from enterasys, send email to [email protected] the >> body: unsubscribe enterasys >> [email protected] >> >> **NOTICE:** The Arkansas Department of Human Services has determined >> that this message may contain confidential or otherwise protected >> information. We have used transport encryption to help protect this message >> while in transit to you. Please take all reasonable measures to protect any >> protected or confidential data that might be in this message, including the >> limitation of re-disclosure to the minimum number of recipients necessary. >> Please report any inappropriate disclosure to >> https://dhs.arkansas.gov/reporting or as required by law. > > > -- > This e-mail is intended only for the named person or entity to which it is > addressed and > contains valuable business information that is proprietary, privileged, > confidential and/or > otherwise protected from disclosure. If you received this e-mail in error, > any review, use, > dissemination, distribution or copying of this e-mail is strictly prohibited. > Please notify > us immediately of the error via e-mail to [email protected] and > please delete > the e-mail from your system, retaining no copies in any media. We appreciate > your cooperation. > > > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] > > ------------------ CONFIDENTIALITY NOTICE --------------- > > This message, including any attachments, is for the sole use of the > intended recipient(s) and may contain privileged confidential information > protected by law. Any unauthorized review, use, disclosure or distribution > of this message is prohibited. If you are not the intended recipient, > please > contact the sender by reply e-mail and destroy all copies of this message. > > ------------------ CONFIDENTIALITY NOTICE --------------- > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] > > -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected] and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
