IT asking for Domain passwords when upgrading computers

I know others Admins a completely against that and have ways instead of asking for Domain or Exchange email passwords.  
I like to hear what other Admins doing to avoid this question.  "what your password?", or we can reset and you change back later.

Thanks.
LVL 17
Tiras25Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Raymond PengConnect With a Mentor Systems EngineerCommented:
You can implement something like LastPass so passwords are saved and shared amongst Domain Admins only - when passwords are updated, you update the list.  Pretty much just a safe password list.
0
 
edster9999Connect With a Mentor Commented:
Your options are :

1. Have the user put in their password.  Normally you do not know how long it will take to run the process so this is impractical.
2. Get them to write down their login/password.  Not really good practice as you then know their login and if something goes wrong in the next few weeks they can blame you.
3. Same as number 2 but advise them to change it the next day (or toggle the flag so they HAVE to change it the next day)
4. You change their password to be something you know - and do your work, then at the end set it to something simple like Password123 and flag that it HAS to be changed on first login.

Which of these is good / bad - that depends on how good you want (or need) your security to be and how techy your user base is.
I would say 3 or 4 are acceptable and 1 and 2 or not in most cases
0
 
Ron MalmsteadConnect With a Mentor Information Services ManagerCommented:
I usually run into this when someone needs something done under their profile, and they aren't in the office to log on to their own computer.

As an admin, my options are..
1) call them and get their password.
2) reset their password.
3) wait until they get back.

If I can avoid it, I would rather not know someones password.. especially if that someone is my boss or a manager.
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
Tiras25Author Commented:
I'm with you on not knowing their passwords.  Just looking for alternative ways doing it.
0
 
McKnifeConnect With a Mentor Commented:
Handing it over is a no-go. There is no need to as they can reset it, do their work and reset it to another pw you gave them (just for resetting it to something non-standard), then they will never have it. Of course there's still the problem with password history policies that won't allow you to change it back to the original pw - that's something indeed only an admin would be allowed to do.

But please think of the price: they know your pw, they can act as you whenever they like for whatever reason: making fun, mobbing, snooping personal stuff without being verifiable.

There should be no need to do that - upgrading (the OS, or what?) is no regular maintenance task and will NOT require the admin to logon as a user. Pre-setting user preferences without logging in as the user himself is no fine art but standard admin work.
0
 
Tiras25Author Commented:
Hi McKnife, this is for building a new computer for the user.   Are you saying this can be done without logging as that user and confoguring his or her profile?
0
 
McKnifeConnect With a Mentor Commented:
Of course, yes. I admit, it's nice to be able to verify certain things works  in the profile of that very user, but normally, they do :)! Everything can be preset scripted/via GPOs with experience at the admin side.
0
All Courses

From novice to tech pro — start learning today.