Rudi Ahlers wrote: > On Thu, Jan 20, 2011 at 3:47 PM, Jerry Franz <jfranz at freerun.com> wrote: >> On 01/20/2011 02:55 AM, Rudi Ahlers wrote: >>> <snip>> >> If you don't have full administrative access to the machine >> *independent* of people's day-to-day login accounts you are doing it >> wrong and need to hire a competent IT admin - because your current one >> doesn't know what heck they are doing. > > Benjamin, I'm sorry to say this, but you're wrong! > > Sometimes you need to access a PC of a staff member who is busy with > something right now. And I'm not talking about administrative access. > Sure, I can access any PC via root login, and frankly for that matter > I can also reset any user's password via root login. > > The message I'm trying to bring across is that users in the company > shouldn't have passwords which admin doesn't know, or can't access. > The PC's and data, well at least in our company, is the property of > the company. Making it more difficult for an engineer to gain access > to a user's PC automatically arises suspicion I very strongly disagree with this, and agree with Benjamin. I do *not* want anyone else knowing my password, and whenever I have to be there when someone's entering a new one, I perform the Traditional Sysadmin Admiration of the Ceiling while they do it. I can't see any reason to have to know someone's password. If I need to be them, then going in as root, and su - <username> will do it. mark