Jump to content

Guest, which answer was the most helpful?

If any of these replies answered your question, please take a moment to click the 'Mark as solution' button on the post with the best answer.
Marking posts as the solution will help other community members find answers to their questions quickly. Thank you for your help!

Featured Replies

Posted

I need to know what are the negatives on having your system administrator

creating and controlling all passwords to user on the domain? We have 450

users on the network.

--

-Don

On Mon, 10 Dec 2007 18:33:00 -0800, Don wrote:

> users on the network.

 

The fact that he creates an knows all password... This is unheard off.

There is no reason in the world for that. If needed, he can always reset

the password on his end.

Sounds like a snoopy, in-secured admin to me.

 

 

--

:-)

Don wrote:

> I need to know what are the negatives on having your system administrator

> creating and controlling all passwords to user on the domain? We have 450

> users on the network.

 

In my opinion, nobody should know a user's password except the user.

You may also have compliance issues if you are regulated by SOX, HIPAA

or any of those guys.

 

--

 

Jack Doyle, Systems Engineer

ScriptLogic Corporation

http://www.scriptlogic.com

You know... I have an admin friend of mine who works for a large company (14000 users worldwide), and they actually do this!

All passwords are kept in an Access database. The admin changes passwords for the users as needed and then calls them to give them their new password.

 

Everyone thinks it is totally insane, and due to the manual nature of this system the user's passwords seldom get changed.

 

Executives will not buy in to enabling a domain password change policy which is really the way to go. So they are stuck with this method for now, which I think was carried over from when they were running an NT4 / Novell environment. (they are running 2003 native now).

 

I really do not recommend this approach- It is actually a lot more work than it's worth (i've witnessed it first-hand), and would be considered a security risk by any compliance standard.

 

 

Happy Holidays-

 

Kurt L.

Senior Support Lead / MCSE / CCNP

SysOp Tools

http://www.sysoptools.com

 

 

 

Don wrote:

> I need to know what are the negatives on having your system administrator

> creating and controlling all passwords to user on the domain? We have 450

> users on the network.

 

In my opinion, nobody should know a user's password except the user.

You may also have compliance issues if you are regulated by SOX, HIPAA

or any of those guys.

 

--

 

Jack Doyle, Systems Engineer

ScriptLogic Corporation

http://www.scriptlogic.com

Guest
Reply to this topic...