Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

IT asking for Domain passwords when upgrading computers

Posted on 2013-06-17
7
256 Views
Last Modified: 2013-06-17
I know others Admins a completely against that and have ways instead of asking for Domain or Exchange email passwords.  
I like to hear what other Admins doing to avoid this question.  "what your password?", or we can reset and you change back later.

Thanks.
0
Comment
Question by:Tiras25
7 Comments
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 100 total points
ID: 39254384
Your options are :

1. Have the user put in their password.  Normally you do not know how long it will take to run the process so this is impractical.
2. Get them to write down their login/password.  Not really good practice as you then know their login and if something goes wrong in the next few weeks they can blame you.
3. Same as number 2 but advise them to change it the next day (or toggle the flag so they HAVE to change it the next day)
4. You change their password to be something you know - and do your work, then at the end set it to something simple like Password123 and flag that it HAS to be changed on first login.

Which of these is good / bad - that depends on how good you want (or need) your security to be and how techy your user base is.
I would say 3 or 4 are acceptable and 1 and 2 or not in most cases
0
 
LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 100 total points
ID: 39254685
I usually run into this when someone needs something done under their profile, and they aren't in the office to log on to their own computer.

As an admin, my options are..
1) call them and get their password.
2) reset their password.
3) wait until they get back.

If I can avoid it, I would rather not know someones password.. especially if that someone is my boss or a manager.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 39254691
I'm with you on not knowing their passwords.  Just looking for alternative ways doing it.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39254693
Handing it over is a no-go. There is no need to as they can reset it, do their work and reset it to another pw you gave them (just for resetting it to something non-standard), then they will never have it. Of course there's still the problem with password history policies that won't allow you to change it back to the original pw - that's something indeed only an admin would be allowed to do.

But please think of the price: they know your pw, they can act as you whenever they like for whatever reason: making fun, mobbing, snooping personal stuff without being verifiable.

There should be no need to do that - upgrading (the OS, or what?) is no regular maintenance task and will NOT require the admin to logon as a user. Pre-setting user preferences without logging in as the user himself is no fine art but standard admin work.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 39254766
Hi McKnife, this is for building a new computer for the user.   Are you saying this can be done without logging as that user and confoguring his or her profile?
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39254779
Of course, yes. I admit, it's nice to be able to verify certain things works  in the profile of that very user, but normally, they do :)! Everything can be preset scripted/via GPOs with experience at the admin side.
0
 
LVL 16

Accepted Solution

by:
l33tf0b earned 100 total points
ID: 39254834
You can implement something like LastPass so passwords are saved and shared amongst Domain Admins only - when passwords are updated, you update the list.  Pretty much just a safe password list.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Security perspectives to assess for APIs 1 39
Lightweight Networking 9 61
SOC, SIEM, IPS and FW 4 32
Home firewall recommendations 11 49
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question