Wow. It looks like you've already tried all of the 'soft' methods. Good luck and hopefully you can share the solution when you find it.
Thanks, Lou Goddard Network Engineer 302-552-8053 [email protected] From: Nick Allen <[email protected]> Sent: Thu, 4/5/2012 10:47am To: Enterasys Customer Mailing List <[email protected]> Subject: Re: [enterasys] Timesheets... Thanks Lou. We've tried:- nagging emails- witholding expenses - witholding the whole dept's expenses if one person doesn't do their timesheets - nothing like peer pressure!- rewarding people who fill them in - when we used to use MailSweeper, we used to quarantine all their inbound and outbound email - every sent or received email would send them an email saying "this email has been quarantined - contact IT to release it" - years ago we tried blocking internet access at the firewall for those users, but with DHCP, it was a bit of a faff.- we also tried proxies etc and limiting web access (in a much more manual way that wasn't really workable) None of these things work effectively - some of them don't work cross-platform - and most of them just mean someone other than the people who didn't fill in their timesheets has to do a load of admin which isn't ideal. IM might be marginally better than emails, but we outsource email to Google (for about 12,000 people - works excellently) and users have the ability to block certain senders, so those nags would quickly get silenced. I think Brian's solution is best - it'll only do it after a few days of outstanding timesheets - possibly even a week, so people can easily prevent it from happening if they keep reasonably up to date. (Thanks Richard for your variation on the suggestion too - redirecting all their web traffic will certainly give them an incentive). Thanks all, Nick. On Thu, Apr 5, 2012 at 3:14 PM, Lou H. Goddard <[email protected]> wrote: It sounds a little user-hostile to chop someone's network access in the middle of a session. You may end up with a lot of angry users telling their supervisors that they couldn't get task X, Y, or Z done because IT killed their session upon re-auth. Do they have access to IM? You could lock down the settings on the IM client to make new IMs pop and take window focus in the GUI. Then, have some program on the backend check timesheet status. If the timesheet isn't filled out send an IM to the user every five minutes. This will nag them into doing it without doing something overly negative to the user. Thanks, Lou Goddard Network Engineer 302-552-8053 [email protected] From: Nick Allen <[email protected]> Sent: Thu, 4/5/2012 9:48am To: Enterasys Customer Mailing List <[email protected]> Subject: Re: [enterasys] Timesheets... Good plan Brian - we'll have to give that a go. The AD group + policy with re-auth sounds best. Cheers, Nick. On Thu, Apr 5, 2012 at 1:03 PM, Brian Anderson <[email protected]> wrote: A script could be built to look at a user in a database, if they haven’t put in the time for the day then drop them in an AD group. If your switches are set to re-auth the ports every x minutes or so, you can setup a policy with that AD group to move their port to a locked down policy. Another idea would be to query the database, and disable their AD account, however if they are dependent on AD to do their time, they would have to be re-enabled to do time and might ‘neglect’ to enter time. With the locked down policy, you could cut off internet or any resource except for the time application, perhaps redirect their browser to the time app if it is web based? J And when they did their time, your scripted job would re-query the database (every 30 min let’s say) and pull them out of that group, and port would re-auth and they would get their access back. If you have NAC, perhaps something creative could be done there. From: Nick Allen [mailto:[email protected]] Sent: Thursday, April 05, 2012 5:34 AM To: Enterasys Customer Mailing List Subject: [enterasys] Timesheets... Hi, A slightly odd question - but does anyone have any kind of policy applied that restricts network access depending on whether they've filled their timesheets in. So maybe something that looks the user up in a database, or - perhaps less useful - tests for AD group membership? I'm sure it's possible, but interested to hear any solutions - even if they're not specifically policy related - or even Enterasys related. I work for a creative agency where timesheets are required, but people are awful at filling them in. We've had various carrot and stick approaches over the years but nothing that works for everyone, or for every OS - we have a mix of Mac (90%) and PC (10%). Thanks, Nick. -- This e-mail is intended only for the named person or entity to which it is addressed andcontains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use,dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected] and please deletethe e-mail from your system, retaining no copies in any media. We appreciate your cooperation. · --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] · --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] NOTICE: The Arkansas Department of Human Services has determined that this message may contain confidential or otherwise protected information. We have used transport encryption to help protect this message while in transit to you. Please take all reasonable measures to protect any protected or confidential data that might be in this message, including the limitation of re-disclosure to the minimum number of recipients necessary. Please report any inappropriate disclosure to https://dhs.arkansas.gov/reporting or as required by law. -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected] and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected] and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
