User Password Policy
Our business is run off of a SBS2003 Server.Currently I have an excel spreadsheet with all user names and passwords. They are changed infrequently if ever. There are several reasons for this. I frequently need to login to peoples computers when they are gone to do various things. Several examples of this would be:
1. Submit Billable Time - this can only be done through an application setup under their user profile.
2. Perform Various Maintenance to someones profile - without the need to schedule this prior.
3. Set an out of office reply for someone who forgot and went on vacation.
4. These are just a few of the examples.
This started when we were a smaller company and have now grown to about 50 users. I realize this is a security risk and would like to find a good work around so that I can setup a password policy that will insure passwords are changed frequently, but allow me the same type of access without having to keep track of all the passwords.
Thanks in advance for your help and ideas!
1. Submit Billable Time - this can only be done through an application setup under their user profile.
2. Perform Various Maintenance to someones profile - without the need to schedule this prior.
3. Set an out of office reply for someone who forgot and went on vacation.
4. These are just a few of the examples.
This started when we were a smaller company and have now grown to about 50 users. I realize this is a security risk and would like to find a good work around so that I can setup a password policy that will insure passwords are changed frequently, but allow me the same type of access without having to keep track of all the passwords.
Thanks in advance for your help and ideas!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
WoW! Thanks for the all the responses. I really appreciate them all!
Matt: I also agree with a lot of what you said. thanks for your response. Knowing the habits of our department heads, I probably won't entrust this info to any of them. :)
DJL: Very slick recommendation for outlook! You tought me something new. Thanks! As for Maintenance, In the past it's been cleaning up their user profile temp files, cache and what not if they have been complaing about a slower system and they happen to be out of the office. Other random things. The scenario around submitting billable time is that usually the user has entered in the time but didn't send it off to the accountant. So it's all their on their profile just needs to be sent. The admin mode does not accomodate this.
Motley74: I think I do need to more closely define when and why I need these passwords... I think if I do this then it will put the risk/benifit ratio in perspective.
mkline71: Thanks for your kind words. I've already filled up several hat racks, reminds me I need to go out and get another soon. :) I think, like you mentioned, that established some expectations around passwords and communicating them to the users how things will be handled is the way to go.
Thanks Everyone!
Matt: I also agree with a lot of what you said. thanks for your response. Knowing the habits of our department heads, I probably won't entrust this info to any of them. :)
DJL: Very slick recommendation for outlook! You tought me something new. Thanks! As for Maintenance, In the past it's been cleaning up their user profile temp files, cache and what not if they have been complaing about a slower system and they happen to be out of the office. Other random things. The scenario around submitting billable time is that usually the user has entered in the time but didn't send it off to the accountant. So it's all their on their profile just needs to be sent. The admin mode does not accomodate this.
Motley74: I think I do need to more closely define when and why I need these passwords... I think if I do this then it will put the risk/benifit ratio in perspective.
mkline71: Thanks for your kind words. I've already filled up several hat racks, reminds me I need to go out and get another soon. :) I think, like you mentioned, that established some expectations around passwords and communicating them to the users how things will be handled is the way to go.
Thanks Everyone!
ASKER
Thanks!
Glad to help.
You could perform most of the profile maintenance by logging into the workstation as an administrator, and then browsing to c:\Documents and Settings\UserName and deleting temp files etc.
You could perform most of the profile maintenance by logging into the workstation as an administrator, and then browsing to c:\Documents and Settings\UserName and deleting temp files etc.
ASKER
yeah, I normally run utilities such as CCleaner which only empties the logged in users settings as far as I know.
ASKER
Matt: I also agree with a lot of what you said. thanks for your response. Knowing the habits of our department heads, I probably won't entrust this info to any of them. :)
DJL: Very slick recommendation for outlook! You tought me something new. Thanks! As for Maintenance, In the past it's been cleaning up their user profile temp files, cache and what not if they have been complaing about a slower system and they happen to be out of the office. Other random things. The scenario around submitting billable time is that usually the user has entered in the time but didn't send it off to the accountant. So it's all their on their profile just needs to be sent. The admin mode does not accomodate this.
Motley74: I think I do need to more closely define when and why I need these passwords... I think if I do this then it will put the risk/benifit ratio in perspective.
mkline71: Thanks for your kind words. I've already filled up several hat racks, reminds me I need to go out and get another soon. :) I think, like you mentioned, that established some expectations around passwords and communicating them to the users how things will be handled is the way to go.
Thanks Everyone!