On Thu, Jan 20, 2011 at 11:11 AM, Rudi Ahlers Rudi@softdux.com wrote:
Sometimes you need to access a PC of a staff member who is busy with something right now. And I'm not talking about administrative access. Sure, I can access any PC via root login, and frankly for that matter I can also reset any user's password via root login.
The message I'm trying to bring across is that users in the company shouldn't have passwords which admin doesn't know, or can't access. The PC's and data, well at least in our company, is the property of the company. Making it more difficult for an engineer to gain access to a user's PC automatically arises suspicion
You clearly work in an insecure environment.
No one should have access to anyone else's login. I have no admin privileges over my desktop. If I need something installed or uninstalled, I have to ask the Windows desktop support team who'll access my box remotely after I accept their request to a access my box in a popup on my screen. Of course, the Windows server support team can access my roaming profile on their boxes but (I presume since this is what we do and I don't know any of them to ask them) they'd have to justify that acess.
There's absolutely no reason to "access a PC of a staff member who is busy", that's terrible practice; and there's absolutely no way that anyone should know anyone else's password (a punishable violation of IT policy in our environment).