I hope you can all help. Those with a foundation of security would be especially welcome; however, opinions always offer some weight, even if from a non-IT background.
I have a question regarding IT Security and Non-Repudiation.
I have been in a work environment recently where I have performed the following on the whole.
1. When first starting, everyone in the company was using one general admin account with "all power" permissions to administer the network.
I implemented a policy to make sure individual admin accounts were created for each IT Person; for accounting purposes.
All 3 personalized admin accounts set up have equal and full administrator permissions on the domain network.
2. When starting, all passwords, including admin accounts etc., were stored in an Excel spreadsheet.
I moved this to an encrypted LastPass database; that was moved to a central platform later on for on-the-road IT staff.
Everyone was given access to the central system; however, due to being occupied with a specific client, I left management to another internal IT staff member.
3. The client which I did the above for has kept passwords of all its staff in an Excel sheet; which I have advised against; however, my reasoning has been ignored for control and I guess what might be a lack of trust of our IT company.
I have recently complained to my Directors (no managers, small company) about illegal activities that were taking place; such as providing unauthorised access to data that was not approved by the client. Financial records which are very sensitive in nature.
Sometime later I was off on sick leave and I was advised that the Windows Deployment Server was disconnected from the domain and they needed my user domain account password?
The part that puzzles me is that they each have their own Domain Admin account under their own name; and likewise the local administrator password should be in LastPass.
I do know they could reset the local administrator password; and sent themselves a guide. However, should I provide my domain account password, from my understanding this would breach non-repudiation in security; and reduce accounting or the authenticity of my account.