[unisog] End User Passwords and Technical Support Issues

John K. Lerchey lerchey at andrew.cmu.edu
Tue Jan 15 03:28:37 GMT 2002

I can speak for Computing Services at Carnegie Mellon...

--On Monday, January 14, 2002 5:28 PM -0600 "Lampton, Margaret" 
<lampton at cl.uh.edu> wrote:

> Our University's Computing Acceptable Use Policies state that computer
> accounts, passwords and other authorization codes should not be shared
> with others.  Do other university's have similar statements in their
> Information Systems Acceptable Use Policies?

Our current policy stats that you may not share accounts/passwords. 
However, we are working on an updated policy (which must go through many 
committees!) which, if accepted, will allow admistrative support people to 
access the accounts of the people that they support, with appropriate 
permission.  This allowance will give administrative support staff to 
access email and such for the faculty or staff that they provide support 

> Our administrative network is locked down using Windows NT. The technical
> staff states that they must have the end users password in order to
> troubleshoot, diagnosis and/or setup new machines.  How do you manage the
> technical staff's need without violating the acceptable use policy of
> "sharing passwords"?

Nonsense.  Administrators can be given accounts with priv'd access to 
systems.  If they need to troubleshoot an issue with a specific user 
account, they can have the user enter the password, keeping it secret, and 
then do the troubleshooting.  We support our users and do NOT know their 

> Thanks in advance for any suggestions you can provide.

You're welcome. :)

John K. Lerchey
Computer and Network Security Coordinator
Carnegie Mellon University

> Margaret Lampton
> Associate Director
> University Computing and Telecommunications
> University of Houston-Clear Lake
> 2700 Bay Area Blvd.
> Houston, TX  77058
> 281-283-2954
> lampton at cl.uh.edu

More information about the unisog mailing list