[unisog] End User Passwords and Technical Support Issues

Paul Schmehl pauls at utdallas.edu
Tue Jan 15 16:13:31 GMT 2002

Your technical staff is mistaken.  All you need to do is create a group, 
put the technical staff in it, and make the group a member of the Local 
Administrator Group on each workstation.  Since Domain Admins are made 
members of the LAG whenever a computer joins the domain, the DAs should be 
able to do this with a script.

Here at UTD we use the Add Workstation Group for that purpose.  This gives 
the techs the ability to both add computers to the domain and perform all 
functions that require local administrator access.

Passwords should *never* be shared with anyone.  In Texas it's a violation 
of the Texas Penal Code to share account information, not to mention a 
violation of UT System policy and UTD policy, and this is clearly spelled 
out in our policy documents.

--On Monday, January 14, 2002 5:28 PM -0600 "Lampton, Margaret" 
<lampton at cl.uh.edu> wrote:

> Our University's Computing Acceptable Use Policies state that computer
> accounts, passwords and other authorization codes should not be shared
> with others.  Do other university's have similar statements in their
> Information Systems Acceptable Use Policies?
> Our administrative network is locked down using Windows NT. The technical
> staff states that they must have the end users password in order to
> troubleshoot, diagnosis and/or setup new machines.  How do you manage the
> technical staff's need without violating the acceptable use policy of
> "sharing passwords"?
> Thanks in advance for any suggestions you can provide.
> Margaret Lampton
> Associate Director
> University Computing and Telecommunications
> University of Houston-Clear Lake
> 2700 Bay Area Blvd.
> Houston, TX  77058
> 281-283-2954
> lampton at cl.uh.edu

Paul Schmehl (pauls at utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member

More information about the unisog mailing list