[unisog] End User Passwords and Technical Support Issues

Brezin, Wendy wbrezin at unf.edu
Tue Jan 15 19:57:38 GMT 2002


At University of North Florida we do state in our guidelines that passwords
shouldn't be shared.  Specifically (from
http://www.unf.edu/compserv/guidelines/glpasswd.html) "You should never
share your password with anyone, not even your supervisors. Your account and
associated privileges have been assigned for your use only. If another user
requires access or additional privileges, Computing Services will grant
access to that user once properly authorized."   

We also provide generic accounts for positions that have a lot of turnover
(example: admissions student assistant #1) that are associated with a real
person during the time they are doing a job.  The student or OPS worker and
the supervisor both know the password, which, naturally, gives both
additional privilege to the supervisor, and a security risk for the
supervisor to masquerade.  However, we were spending so much time setting up
specialized accounts for student and OPS assistants at the beginning of each
semester, we decided to accept that risk, and have re-usable generic
accounts.  It has also allowed sharing of files and important e-mail that
anyone serving in the position might need for consistency or historical
purposes.

Insofar as workstation setup is concerned, we have standardized on just a
few workstation configurations. A master "image" of a standard set of OS and
software is created on one workstation and, via Norton's Ghost utility, set
up on like machines.  Using Windows 2K there is an local administrative
account available for administrators to do troubleshooting or software
modifications.  Users log in to a domain with their own password.  In this
fashion, technical staff need not have access to a user's password.  This
guideline also creates the requirement that users be available to our
helpdesk assistants and technical personnel during troubleshooting of a
workstation, which our users are usually happy to do.  

Wendy Brezin
Systems & Web Administration Coordinator
Computing Services Department
University of North Florida
Jacksonville, Florida 32224
wbrezin at unf.edu

"Education is what survives when what has been 
learned has been forgotten." - B. F. Skinner



-----Original Message-----
From: Lampton, Margaret [mailto:lampton at cl.uh.edu]
Sent: Monday, January 14, 2002 6:28 PM
To: 'unisog at sans.org'
Subject: [unisog] End User Passwords and Technical Support Issues


Our University's Computing Acceptable Use Policies state that computer
accounts, passwords and other authorization codes should not be shared with
others.  Do other university's have similar statements in their Information
Systems Acceptable Use Policies?

Our administrative network is locked down using Windows NT. The technical
staff states that they must have the end users password in order to
troubleshoot, diagnosis and/or setup new machines.  How do you manage the
technical staff's need without violating the acceptable use policy of
"sharing passwords"?  

Thanks in advance for any suggestions you can provide.

Margaret Lampton
Associate Director 
University Computing and Telecommunications
University of Houston-Clear Lake
2700 Bay Area Blvd.
Houston, TX  77058

281-283-2954
lampton at cl.uh.edu



More information about the unisog mailing list