Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 265
  • Last Modified:

IT asking for Domain passwords when upgrading computers

I know others Admins a completely against that and have ways instead of asking for Domain or Exchange email passwords.  
I like to hear what other Admins doing to avoid this question.  "what your password?", or we can reset and you change back later.

Thanks.
0
Tiras25
Asked:
Tiras25
5 Solutions
 
edster9999Commented:
Your options are :

1. Have the user put in their password.  Normally you do not know how long it will take to run the process so this is impractical.
2. Get them to write down their login/password.  Not really good practice as you then know their login and if something goes wrong in the next few weeks they can blame you.
3. Same as number 2 but advise them to change it the next day (or toggle the flag so they HAVE to change it the next day)
4. You change their password to be something you know - and do your work, then at the end set it to something simple like Password123 and flag that it HAS to be changed on first login.

Which of these is good / bad - that depends on how good you want (or need) your security to be and how techy your user base is.
I would say 3 or 4 are acceptable and 1 and 2 or not in most cases
0
 
Ron MalmsteadInformation Services ManagerCommented:
I usually run into this when someone needs something done under their profile, and they aren't in the office to log on to their own computer.

As an admin, my options are..
1) call them and get their password.
2) reset their password.
3) wait until they get back.

If I can avoid it, I would rather not know someones password.. especially if that someone is my boss or a manager.
0
 
Tiras25Author Commented:
I'm with you on not knowing their passwords.  Just looking for alternative ways doing it.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
McKnifeCommented:
Handing it over is a no-go. There is no need to as they can reset it, do their work and reset it to another pw you gave them (just for resetting it to something non-standard), then they will never have it. Of course there's still the problem with password history policies that won't allow you to change it back to the original pw - that's something indeed only an admin would be allowed to do.

But please think of the price: they know your pw, they can act as you whenever they like for whatever reason: making fun, mobbing, snooping personal stuff without being verifiable.

There should be no need to do that - upgrading (the OS, or what?) is no regular maintenance task and will NOT require the admin to logon as a user. Pre-setting user preferences without logging in as the user himself is no fine art but standard admin work.
0
 
Tiras25Author Commented:
Hi McKnife, this is for building a new computer for the user.   Are you saying this can be done without logging as that user and confoguring his or her profile?
0
 
McKnifeCommented:
Of course, yes. I admit, it's nice to be able to verify certain things works  in the profile of that very user, but normally, they do :)! Everything can be preset scripted/via GPOs with experience at the admin side.
0
 
Raymond PengSystems EngineerCommented:
You can implement something like LastPass so passwords are saved and shared amongst Domain Admins only - when passwords are updated, you update the list.  Pretty much just a safe password list.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now