Requirement for dual approval when changing system passwords - Server 2008 R2 domain

We have a new requirement in that any changes to System passwords need to be approved by 2 users. Instead of 1 person with the appropriate permissions being able to change system passwords. Eg the administrator acocunt.

We have a server 2008 R2 domain level.
MayogroupAsked:
Who is Participating?
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Never heard of this requirement or ever being able to be considered or done.  Put simply, I'm going to say sorry, but this cannot be done without being able to implement some kind of two factor authentication and each person only has access to one "factor".

I'm curious if anyone else has suggestions, but your answer may simply be that this is not possible.  You might have to implement an audit system whereby you track who changes the password and then that person must retain records as to who authorized the change.
0
 
MayogroupAuthor Commented:
That is what I thought. It was a strange request, but I at least had to check.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.

Advertise Here