Users save data to central location manager has access to. If problems develop auditing can be enabled to determine who is accessing what.
However, in the event the manager knows users' passwords auditing would be meaningless. If a user is saving information that needs to be shared with management in an unsupported location the employee needs to be counseled. On Fri, Jan 8, 2010 at 2:33 PM, John Aldrich <[email protected]>wrote: > On Friday 08 January 2010, you wrote: > > Here's a scenario... > > > > This all goes to internal control. You will have stripped any form of > > accountability from your system. Employees will be able to accuse the > > manager of doing something and the manager is in an almost indefensible > > position (whether or not he did the thing he was accused of). > > There's exactly the reason why admins don't know employee passwords and > > have the ability to reset them. It is so the admin is accountable to > > the user (who may or may not be higher up in the organizational chart) > > as to who is accessing their information. > > Enabling a manager to know employee's passwords opens your organization > > up to potentially unlimited liability. > > > Good point. but then, how does the manager get access to the information he > needs if the user is not there and the manager doesn't know the password? > My *guess* would be that I would have to change the password to a temporary > password and then use my domain admin privileges to log the user out and > then log them back in using the temporary password so the manager could get > access to the account to look up the information he needs. > > -- > Thanks, > John Aldrich > Blueridge Industries > IT Manager > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
