For outsourced professional IT remote support, one habit most new technicians get into is the "instead of getting the user to start up remote support each time, I'll go ahead and install LogMeIn / GoToMyPC / Remote Desktop / whatever so that if they call again, I can just jump on and help them".
This of course opens up a potential liability because a client PC on a network that we don't own is being accessed without a user explicitly providing permission by clicking a "Yes, allow technician to control my PC" option.
I realize the rules totally change when you're an IT admin over a network that you "own", but this is outsourced IT support. Just curious what others' policies are. Is this an acceptable practice for convenience and I'm turning into one of those "security is more important than anything" people, or is this really a liability?
I suppose it's really going to come down to the type of business, and to whom you're outsourcing.
Personally, I'd not allow them to pre-install any management tools unless they're doing all of my IT work.
We handle this by requiring the end-user to exlicitly authorize a session via a dialog box with our remote control software. There are a few other policies regarding this that are signed off on and made available to end users and IT folks.
You are really putting yourself in a bad position if you don't do that. Users may have sensitive information, and putting technicians in positions where they can impersonate users is a really, really bad idea.