[unisog] End User Passwords and Technical Support Issues
pauls at utdallas.edu
Tue Jan 15 16:13:31 GMT 2002
Your technical staff is mistaken. All you need to do is create a group,
put the technical staff in it, and make the group a member of the Local
Administrator Group on each workstation. Since Domain Admins are made
members of the LAG whenever a computer joins the domain, the DAs should be
able to do this with a script.
Here at UTD we use the Add Workstation Group for that purpose. This gives
the techs the ability to both add computers to the domain and perform all
functions that require local administrator access.
Passwords should *never* be shared with anyone. In Texas it's a violation
of the Texas Penal Code to share account information, not to mention a
violation of UT System policy and UTD policy, and this is clearly spelled
out in our policy documents.
--On Monday, January 14, 2002 5:28 PM -0600 "Lampton, Margaret"
<lampton at cl.uh.edu> wrote:
> Our University's Computing Acceptable Use Policies state that computer
> accounts, passwords and other authorization codes should not be shared
> with others. Do other university's have similar statements in their
> Information Systems Acceptable Use Policies?
> Our administrative network is locked down using Windows NT. The technical
> staff states that they must have the end users password in order to
> troubleshoot, diagnosis and/or setup new machines. How do you manage the
> technical staff's need without violating the acceptable use policy of
> "sharing passwords"?
> Thanks in advance for any suggestions you can provide.
> Margaret Lampton
> Associate Director
> University Computing and Telecommunications
> University of Houston-Clear Lake
> 2700 Bay Area Blvd.
> Houston, TX 77058
> lampton at cl.uh.edu
Paul Schmehl (pauls at utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member
More information about the unisog