Password creation

Don

I need to know what the negatives are of having your system administrator
creating and controlling all passwords for users on the domain. We have 450
users on the network.
--
-Don
 
Holz

On Mon, 10 Dec 2007 18:33:00 -0800, Don wrote:

> users on the network.


The fact that he creates and knows all passwords... This is unheard of.
There is no reason in the world for that. If needed, he can always reset
the password on his end.
Sounds like a snoopy, insecure admin to me.


--
:)
 
Jack Doyle

Don wrote:
> I need to know what the negatives are of having your system administrator
> creating and controlling all passwords for users on the domain. We have 450
> users on the network.


In my opinion, nobody should know a user's password except the user.
You may also have compliance issues if you are regulated by SOX, HIPAA
or any of those guys.

--

Jack Doyle, Systems Engineer
ScriptLogic Corporation
http://www.scriptlogic.com
 

Kurt

Member
Dec 17, 2007
Los Angeles
You know... I have an admin friend of mine who works for a large company (14000 users worldwide), and they actually do this!
All passwords are kept in an Access database. The admin changes passwords for the users as needed and then calls them to give them their new password.

Everyone thinks it is totally insane, and due to the manual nature of this system the users' passwords seldom get changed.

Executives will not buy in to enabling a domain password change policy, which is really the way to go. So they are stuck with this method for now, which I think was carried over from when they were running an NT4 / Novell environment. (They are running 2003 native now.)

I really do not recommend this approach. It is actually a lot more work than it's worth (I've witnessed it first-hand), and would be considered a security risk by any compliance standard.


Happy Holidays-

Kurt L.
Senior Support Lead / MCSE / CCNP
SysOp Tools
www.sysoptools.com



 