On Thu, Jan 20, 2011 at 11:11 AM, Rudi Ahlers <Rudi at softdux.com> wrote: > > Sometimes you need to access a PC of a staff member who is busy with > something right now. And I'm not talking about administrative access. > Sure, I can access any PC via root login, and frankly for that matter > I can also reset any user's password via root login. > > The message I'm trying to bring across is that users in the company > shouldn't have passwords which admin doesn't know, or can't access. > The PC's and data, well at least in our company, is the property of > the company. Making it more difficult for an engineer to gain access > to a user's PC automatically arises suspicion You clearly work in an insecure environment. No one should have access to anyone else's login. I have no admin privileges over my desktop. If I need something installed or uninstalled, I have to ask the Windows desktop support team who'll access my box remotely after I accept their request to a access my box in a popup on my screen. Of course, the Windows server support team can access my roaming profile on their boxes but (I presume since this is what we do and I don't know any of them to ask them) they'd have to justify that acess. There's absolutely no reason to "access a PC of a staff member who is busy", that's terrible practice; and there's absolutely no way that anyone should know anyone else's password (a punishable violation of IT policy in our environment).