• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 171
  • Last Modified:

who should have access to the administrative password

who should have access to the administrative password
0
savvides
Asked:
savvides
  • 4
  • 3
  • 3
1 Solution
 
SheharyaarSaahilCommented:
your IT admin if its a corporate workgroup......or the owner of the system in case of individual/home user.
0
 
savvidesAuthor Commented:
This is a cororate work group.

The structure is

Network Administrator
Director Of IT
Chief Operating Officer - In charge of all operations

Should / Could the Chief Operating Officer have access to the passwords ?
0
 
Toni UranjekConsultant/TrainerCommented:
Hi!

Which administrator's password? If you are talking about domain administrators you should create separate administrative account for each administrator. Of course person which will have administrative privileges has to be completly trustworthy. Usualy a sealed envelope with password is given to customers.

If you will provide more details, you will get more specific answers.

Toni
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
savvidesAuthor Commented:
Should the person in charge of operations, the boss of all IT have access to the passwords?

Is there a reference I can use?
0
 
Toni UranjekConsultant/TrainerCommented:
There is no need for upper managment to have passwords - are they trained computer professionals?
0
 
SheharyaarSaahilCommented:
depends on your company policy......here in my company, our manager doesn't keep track of all the passwords with her......but we keep all the passwords in a password protected file whose password is then given to her, just in case if we are not there, she will have the control on every machine without any problem.

in your case, i would suggest to give the password to Network Administrator as he is the one who is responsible for day to day operations and maintenance, but keep a track of all these passwords in a separate file and give access to this file to the Director and Officer so in case of his absence, they will have the control.
0
 
savvidesAuthor Commented:
Yes  they are trained - it is a matter of contigency - a back up plan, in case the network admin is not around.
0
 
SheharyaarSaahilCommented:
they DO have the right to have all these passwords.....infact they SHOULD know these passwords.....no network admin is gonna stay with them forever.....infact all these information should be held somewhere safe with the owner too......in case if any of the staff leaves.....he/she will still have control on his/her machines.
0
 
Toni UranjekConsultant/TrainerCommented:
If they are not performing administrative tasks, they do not need administrative password. You can use the same concept - sealed envelope in case of emergency. Create separate account, enable auditing. Plenty of tasks can be easily delegated (for example resetting passwords) if you are using Active Directory.
0
 
savvidesAuthor Commented:
SheharyaarSaahil:

Thank you.

Is there a reference I can use for this ?

0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 4
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now