Solved

IT asking for Domain passwords when upgrading computers

Posted on 2013-06-17
7
249 Views
Last Modified: 2013-06-17
I know others Admins a completely against that and have ways instead of asking for Domain or Exchange email passwords.  
I like to hear what other Admins doing to avoid this question.  "what your password?", or we can reset and you change back later.

Thanks.
0
Comment
Question by:Tiras25
7 Comments
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 100 total points
ID: 39254384
Your options are :

1. Have the user put in their password.  Normally you do not know how long it will take to run the process so this is impractical.
2. Get them to write down their login/password.  Not really good practice as you then know their login and if something goes wrong in the next few weeks they can blame you.
3. Same as number 2 but advise them to change it the next day (or toggle the flag so they HAVE to change it the next day)
4. You change their password to be something you know - and do your work, then at the end set it to something simple like Password123 and flag that it HAS to be changed on first login.

Which of these is good / bad - that depends on how good you want (or need) your security to be and how techy your user base is.
I would say 3 or 4 are acceptable and 1 and 2 or not in most cases
0
 
LVL 25

Assisted Solution

by:Ron M
Ron M earned 100 total points
ID: 39254685
I usually run into this when someone needs something done under their profile, and they aren't in the office to log on to their own computer.

As an admin, my options are..
1) call them and get their password.
2) reset their password.
3) wait until they get back.

If I can avoid it, I would rather not know someones password.. especially if that someone is my boss or a manager.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 39254691
I'm with you on not knowing their passwords.  Just looking for alternative ways doing it.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39254693
Handing it over is a no-go. There is no need to as they can reset it, do their work and reset it to another pw you gave them (just for resetting it to something non-standard), then they will never have it. Of course there's still the problem with password history policies that won't allow you to change it back to the original pw - that's something indeed only an admin would be allowed to do.

But please think of the price: they know your pw, they can act as you whenever they like for whatever reason: making fun, mobbing, snooping personal stuff without being verifiable.

There should be no need to do that - upgrading (the OS, or what?) is no regular maintenance task and will NOT require the admin to logon as a user. Pre-setting user preferences without logging in as the user himself is no fine art but standard admin work.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 39254766
Hi McKnife, this is for building a new computer for the user.   Are you saying this can be done without logging as that user and confoguring his or her profile?
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39254779
Of course, yes. I admit, it's nice to be able to verify certain things works  in the profile of that very user, but normally, they do :)! Everything can be preset scripted/via GPOs with experience at the admin side.
0
 
LVL 16

Accepted Solution

by:
l33tf0b earned 100 total points
ID: 39254834
You can implement something like LastPass so passwords are saved and shared amongst Domain Admins only - when passwords are updated, you update the list.  Pretty much just a safe password list.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now