Rudi Ahlers wrote:
On Thu, Jan 20, 2011 at 3:47 PM, Jerry Franz jfranz@freerun.com wrote:
On 01/20/2011 02:55 AM, Rudi Ahlers wrote:
<snip>>
If you don't have full administrative access to the machine *independent* of people's day-to-day login accounts you are doing it wrong and need to hire a competent IT admin - because your current one doesn't know what heck they are doing.
Benjamin, I'm sorry to say this, but you're wrong!
Sometimes you need to access a PC of a staff member who is busy with something right now. And I'm not talking about administrative access. Sure, I can access any PC via root login, and frankly for that matter I can also reset any user's password via root login.
The message I'm trying to bring across is that users in the company shouldn't have passwords which admin doesn't know, or can't access. The PC's and data, well at least in our company, is the property of the company. Making it more difficult for an engineer to gain access to a user's PC automatically arises suspicion
I very strongly disagree with this, and agree with Benjamin. I do *not* want anyone else knowing my password, and whenever I have to be there when someone's entering a new one, I perform the Traditional Sysadmin Admiration of the Ceiling while they do it. I can't see any reason to have to know someone's password. If I need to be them, then going in as root, and su - <username> will do it.
mark
-
m.roth@5-cent.us