Solved

Password Management for employees

Posted on 2013-05-14
11
429 Views
Last Modified: 2013-05-22
Does anyone have a suggestion for a method to maintain employees' passwords to various programs and files they use? The scenario I'm considering is if an employee dies, leaves unexpectedly or is critically injured and we need to gain access to their files or programs.
Thank you for your help!
0
Comment
Question by:lyonski
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 32

Expert Comment

by:Paul Sauvé
ID: 39167061
Where I worked, SysAdmins could override user access passwords to network, etc. but NOT to passwords on individual files.
0
 
LVL 1

Expert Comment

by:dmitrij75
ID: 39167226
You may try to use a different programs if you want to have access to their passwords.
Here is ones I am using:
1) Password Recovery Bundle (www.top-password.com): *.doc, *.xls, *.pdf, *.rar, SQL server, etc
2) Passcape Network Password Recovery Wizard (www.passcape.com) : to recover/decrypt the cached passwords for accounts in domain
3) Passcape Windows Password Recovery-the most universal and the best tool to discover all the passwords including cached and those in Active Directory. Possibilities are depending on edition
Nevertheless, if the employees are encrypted their files with a third party programs with the embedded tools, as performed in Glary Utilities (www.glarysoft.com). Or there are many self-dependent programs like Eltima Exe Password Protector (www.eltima.com). In these cases your company should consider a candidacy of hacker that will crack the .exe or get the hashes for those programs, that is not in the lists in the programs, aimed to get the hashes and decrypt them.
0
 

Author Comment

by:lyonski
ID: 39171639
So dmitrij75, your suggestions all seem to point to the idea that we try to recover passwords once we are in that situation, as opposed to having a location where employees keep a running list of list of user ids and passwords?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 32

Expert Comment

by:Paul Sauvé
ID: 39171741
Here is one example of software you can use, but there are more, depending on your network architecture:
Welcome to IT Direct
IT Direct was formed in 2000 with the aim of providing a utility to simplify the management of user accounts, Since then User Account Manager has sold hundreds of copies in over 16 countries
User Account Manager (UAM) simplifies the management of user accounts in Microsoft networks. UAM manages the account through its complete lifecycle, from creation -moves - changes and finally deletion, all without the need for complex scripting knowledge. With the use of templates, bulk users can be imported all with the correct settings in a matter minutes.
0
 
LVL 30

Expert Comment

by:serialband
ID: 39172152
What programs and files do they use?

If it's the windows system, you can always reset the password on the system itself or on the server.
If you're looking at mail accounts, you can also reset the password.
0
 

Author Comment

by:lyonski
ID: 39172244
It can be Word or Excel documents, or any websites they visit where they may need a user id and password to place orders, for software licensing (i.e. Antivirus, backups), etc.
0
 
LVL 32

Expert Comment

by:Paul Sauvé
ID: 39172276
any websites they visit where they may need a user id and password to place orders, for software licensing (i.e. Antivirus, backups), etc.
Can all users actually choose the antivirus and backup software they install on company-PC's? Or do certain users order this software for company use?
0
 

Author Comment

by:lyonski
ID: 39172418
We decide what software they use.
0
 
LVL 32

Expert Comment

by:Paul Sauvé
ID: 39172474
You could solve a lot of these issues by using a password management system (such as the User Account Manager (UAM) I mentioned above) AND a software license management system - for example an inventory system.

The latter allows you to have on hand the number of licenses you have for each type of software you use (i.e. the number of installed copies and on which computers the software is installed on, where the software was purchased and the suppliers contact information). This would preclude the requirement of knowing user ids/passwords for purchased software.

As for the individual passwords on various users files, well that is a bit more difficult to control.
0
 
LVL 1

Accepted Solution

by:
dmitrij75 earned 400 total points
ID: 39174087
As the absolute key to this question I am offer you to do these steps:
1)  install DeviceLock (www.devicelock.com) on the server and restrict access to some devices of your organization, so that only you can install the software you want. This program is able to do the other things of monitoring and tracking the actions of the users and get total control of outbound information they send from they computers. The program can apply the various access rights to devices, when the users connected to domain or they are working locally (or get disconnected)
2)  install WinLock (http://www.crystaloffice.com)-this will give you the option to choose what the programs they should to run/setup and what not. It also applies some restrictions      in part of system security policies upon your choise. No ways to change some of them via the registry as the program monitors the settings in real time and save them in a secret database
3)  consider to use Kerio WinRoute Firewall if you need to save the traffic in your organization and restrict to the harmful sites.
4) don't forget to assign the recovery agent for EFS and save the certificate in secure place
5) consider to encrypt all the drives of your computers, for example with DriveCrypt Plus Pack (http://www.securstar.com), so that the users would not the possibilities to attack the computers under live CD/DVD with DOS, LINUX, etc
6) use a tool offered to you by paulsauve
I am using the server many years and have no problems I had before. All is under control!
0
 
LVL 25

Expert Comment

by:TempDBA
ID: 39180201
I guess Active Directory will be helpful here.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question