All, I am in agreement to not use a person's name and to use service accounts. The problem is, I am stuck with a system where a person changed the Demo login name to their own person's name. I assume that they thought it was easier than creating their own privileged account.
Can the login name be changed back to Demo in the User form? Are there any risks to be aware of? Thank you, Sandra Sandra Hennigan -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Rick Westbrock Sent: Tuesday, November 04, 2014 10:41 AM To: [email protected] Subject: Re: Demo Login Name has been Changed ** Two other reasons to not use an individual’s login: 1. When the person leaves the company or transfers to another department/division their account either be locked or permissions changes which would break your install. 2. Security audits. In many cases if someone has left the company leaving their accounts active is a violation (which leads back to #1 in a way). Service accounts are definitely the way to go as mentioned by others. They will usually have different security policies, not be subject the same periodic password change requirements as individual accounts etc. -Rick From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Rick Cook Sent: Tuesday, November 04, 2014 6:20 AM To: [email protected] Subject: Re: Demo Login Name has been Changed ** I'm with Ken. First thing I do is set up Service Accounts that aren't subject to people leaving, or passwords that expire, etc. Use them for system functions. I keep Demo (with a pw) as kind of a back door in for the Administrators. Rick Cook On Tue, Nov 4, 2014 at 6:17 AM, Ken Pritchard <[email protected]> wrote: ** Not everyone gets overly concerned about ‘security’ when it comes to the Demo password in a Remedy environment. I personally don’t think it should be a personal login – so even if you don’t want it to be Demo (which I’ve always found a bit hokey anyway) I would make it a system acct / login. From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of LJ LongWing Sent: Tuesday, November 4, 2014 9:15 AM To: [email protected] Subject: Re: Demo Login Name has been Changed ** Sandra, Personally, I think it's a security risk to leave a 'Demo' account in place, even if you set the password. So, no....I don't personally think you should put it back. On Tue, Nov 4, 2014 at 7:08 AM, Hennigan, Sandra, CTR, DSS <[email protected]> wrote: ** All, I have inherited an 8.1.01 new install, just about ready for UAT. The previous administrator renamed the "Demo user for startup" with her personal login name. This was recently discovered during troubleshooting when some of the integrations stopped working. Specifically, “Demo” was the user entry in a couple of the Configuration files. To resolve the issues with integrations, a new user was created and the services pointed to the new user. I am concerned that there may still be configuration files identifying Demo as the qualified user. Question: Do we leave well enough alone and keep the "Demo user for startup" with her personal login name or use DMT and change the "Demo user for startup" name. Any other ideas? Any concerns or follow up steps? As always, assistance from the list is priceless! Thanks. Sandra _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
