That is why I mentioned it. I seem to remember a few years ago a professor leaving his office machine logged in but not locked or giving someone his password and then going on vacation. According to the story I heard at the time someone sent threatening emails using his account and having all kinds of issues when he got back from vacation explaining how he did not send those emails. I would not like being the admin that setup something like this to happen and would even like less being the supervisor for that admin.
Talk about lawsuits! Wish I knew if that story is true or not. Jon On Fri, Jan 8, 2010 at 2:20 PM, Jonathan Link <[email protected]>wrote: > Here's a scenario... > > This all goes to internal control. You will have stripped any form of > accountability from your system. Employees will be able to accuse the > manager of doing something and the manager is in an almost indefensible > position (whether or not he did the thing he was accused of). > There's exactly the reason why admins don't know employee passwords and have > the ability to reset them. It is so the admin is accountable to the user > (who may or may not be higher up in the organizational chart) as to who is > accessing their information. > Enabling a manager to know employee's passwords opens your organization up > to potentially unlimited liability. > > > > On Fri, Jan 8, 2010 at 1:38 PM, John Aldrich < > [email protected]> wrote: > >> On Friday 08 January 2010, you wrote: >> > There's no way to do what he has requested, and it's a security issue >> > waiting to happen. >> > >> That's what I thought. Hell, this guy doesn't even want to have to change >> his own password. I gave up on him, but there's no way in hell I'm going >> to >> not make the rest of the userbase change their passwords every 90 days. >> :-) >> Guess he'll just have to make sure he keeps an updates username/password >> list. :-( >> Fortunately, we're only talking about maybe half a dozen computers. I >> CC-ed >> my boss who, I believe, is technically higher on the food chain than the >> CS >> Manager, and explained my concerns, but I have a feeling I'm going to be >> overruled. >> >> -- >> >> Thanks, >> John Aldrich >> Blueridge Industries >> IT Manager >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
