Jump to content

Password creation

Guest Don

By Guest Don
in Windows 2003 Server

 Share

Recommended Posts

Guest Don

Guest Don

Posted
Posted

I need to know what are the negatives on having your system administrator

creating and controlling all passwords to user on the domain? We have 450

users on the network.

--

-Don

  • Replies 3
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Guest Holz

Guest Holz

Posted
Posted

Re: Password creation

 

On Mon, 10 Dec 2007 18:33:00 -0800, Don wrote:

> users on the network.

 

The fact that he creates an knows all password... This is unheard off.

There is no reason in the world for that. If needed, he can always reset

the password on his end.

Sounds like a snoopy, in-secured admin to me.

 

 

--

:-)

Guest Jack Doyle

Guest Jack Doyle

Posted
Posted

Re: Password creation

 

Don wrote:

> I need to know what are the negatives on having your system administrator

> creating and controlling all passwords to user on the domain? We have 450

> users on the network.

 

In my opinion, nobody should know a user's password except the user.

You may also have compliance issues if you are regulated by SOX, HIPAA

or any of those guys.

 

--

 

Jack Doyle, Systems Engineer

ScriptLogic Corporation

http://www.scriptlogic.com

Kurt Newbie

Kurt

Posted
Posted

Re: Password creation

 

You know... I have an admin friend of mine who works for a large company (14000 users worldwide), and they actually do this!

All passwords are kept in an Access database. The admin changes passwords for the users as needed and then calls them to give them their new password.

 

Everyone thinks it is totally insane, and due to the manual nature of this system the user's passwords seldom get changed.

 

Executives will not buy in to enabling a domain password change policy which is really the way to go. So they are stuck with this method for now, which I think was carried over from when they were running an NT4 / Novell environment. (they are running 2003 native now).

 

I really do not recommend this approach- It is actually a lot more work than it's worth (i've witnessed it first-hand), and would be considered a security risk by any compliance standard.

 

 

Happy Holidays-

 

Kurt L.

Senior Support Lead / MCSE / CCNP

SysOp Tools

http://www.sysoptools.com

 

 

 

Don wrote:

> I need to know what are the negatives on having your system administrator

> creating and controlling all passwords to user on the domain? We have 450

> users on the network.

 

In my opinion, nobody should know a user's password except the user.

You may also have compliance issues if you are regulated by SOX, HIPAA

or any of those guys.

 

--

 

Jack Doyle, Systems Engineer

ScriptLogic Corporation

http://www.scriptlogic.com

 Share
Go to topic listing
×
×
  • Create New...