On Friday 08 January 2010, you wrote: > Here's a scenario... > > This all goes to internal control. You will have stripped any form of > accountability from your system. Employees will be able to accuse the > manager of doing something and the manager is in an almost indefensible > position (whether or not he did the thing he was accused of). > There's exactly the reason why admins don't know employee passwords and > have the ability to reset them. It is so the admin is accountable to > the user (who may or may not be higher up in the organizational chart) > as to who is accessing their information. > Enabling a manager to know employee's passwords opens your organization > up to potentially unlimited liability. > Good point. but then, how does the manager get access to the information he needs if the user is not there and the manager doesn't know the password? My *guess* would be that I would have to change the password to a temporary password and then use my domain admin privileges to log the user out and then log them back in using the temporary password so the manager could get access to the account to look up the information he needs.
-- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
