Re: administrator wont allow password change

anonymous_at_discussions.microsoft.com
Date: 07/29/04 

Date: Thu, 29 Jul 2004 12:38:57 -0700

Not to mention the fact that the admin having control of
the users passwords prevents proper auditing and non-
repudiation, putting each user at risk, not to mention
the entire company.

>-----Original Message-----
>Boo Hoo to the user for inconveniencing them. Passwords
should NOT, NEVER,
>EVER be documented! What happens when that document is
leaked? Your ENTIRE
>organization is compromised. The user is going to have
to understand that
>this is the way things need to be done. It is not worth
having every user
>account compomised because it is a hassle for the user
to have to be at
>their desk instead of smoking their cancer sticks.
>
>"Phillip Windell" <@.> wrote in message
>news:ubsb99KdEHA.1648@TK2MSFTNGP11.phx.gbl...
>> One correction.
>>
>> We do allow the users to change the password anytime
they want, but if I'm
>> not notified and am in a situation where I need to be
logged in under
>their
>> account then I will make it whatever I want it to be
and then we have to
>> deal with it later. They get tired of that, most
typical users will
>> complain over one extra mouse-click on something, let
alone having to deal
>> with unexpected password change.
>>
>> But don't get me wrong,...I would **LOVE** to work in
a high security
>> environment where users understand what is going
on "security-wise", and
>> everything is done "by-the-book".
>>
>> --
>>
>> Phillip Windell [MCP, MVP, CCNA]
>> www.wandtv.com
>>
>>
>
>
>.
>

Relevant Pages

  • Password Login - Auto Populate Fields
    ... I have a table of Users with passwords that I have given them ... This is not high security, just data entry. ... My problem is that it works for the first record only. ...
    (microsoft.public.access.formscoding)
  • Re: Password Cracking
    ... > attempts, etc, etc) that can be used to reduce risk. ... login screen or someone guessing passwords remotely can be reduced. ... cryptographic private keys, encrypted hard disks, backup tapes, etc. ... All this has nothing to do with passwords or the password file at all, ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: Kerberos pre authentication question
    ... Switching it off increases the risk of offline guessing of passwords. ... Preauthentication is a feature introduced in Kerberos version 5. ...
    (microsoft.public.security)
  • Re: Password Cracking
    ... > finding written down passwords. ... up the words "strength" and "risk". ... The error I made was to state that the *strength* of a password depends ... scheme and the one the hacker generates passwords from. ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: Template Security
    ... Scot didn't say what risk he is worrying about. ... protect a template. ... environment without proliferation of passwords. ... > Your examples omit the most common reason for protecting the template: ...
    (microsoft.public.word.docmanagement)