General discussion


Should Techs know Users Passwords?

By Finster77 ·
We are being told by out Director that we can no longer log onto a User's PC forr support reasons using the User's account/password. Remote assistance is ok, but if it requires a rebott and the user is nolonger around, we are boned. Any thoughts. How are other helpdesks doing this?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

As long as there are Win98 clients ...

by mikewbc In reply to Should Techs know Users P ...

...I'll always need to have the user's passwords. You can reset the domain password at the server, but that doesn't get you logged onto the correct Win98 profile!! To do that you either have to go in, copy the profile to a new name, delete the original profile, copy the new profile to a second new profile using the original user name, give it the new domain password, Then delete the first new profile... or you can just delete all the .pwl files on the machine and when you log in the next time you enter the new password.

I don't know how many time's I've had a user say, my outlook doesn't work, or I can't get to my files, only to find out that they either typed their user name wrong or password wrong, and then created a new profile in Win98 that lets them use their local computer, but not get to the network. One user had more than 5 variations of their user name, each with different user profiles, only 1 of which would work on the network. With 50 of them and only one of me, I'd never get anything done but fix password problems or change passwords without my list.

Collapse -

Win 98 was never secure

by jjdgraz001 In reply to As long as there are Win9 ...

What kind of legetimate network still uses Win98 clients? There is NO security in FAT files systems. Nothing is protected from other users/hackers.

I suppose that if a seven year old operating system works, then there is no reason to upgrade. But how about service packs and hot fixes?

I thank my stars I don't have to deal with that problem any more.

Collapse -

Really, no need to know their password...

by Jessie In reply to Should Techs know Users P ...

I've only ever worked for one company that DIDN'T have a policy about us knowing a user's password. If worst comes to worst, and it's an emergency that I get into a user's account, I can always talk to the Director of IT, get his/her approval for a password reset, reset the user's password, login, and force the user to change it at next logon.

For the most part, really, if you coordinate things with the users, it's never really a problem for me to NOT know their passwords. There's no need and it's WAY too un-secure. It would require writing down their password somewhere, as I know I can't remember over 400 users' passwords, which would make each user vulnerable to theft and cyber-backstabbing. It's just not a good idea really.

Collapse -

Dilemma (Gatesian Universe)

by plum In reply to Should Techs know Users P ...

Those of us who work in the mindset of the Gatesian Universe (aka Windows), and have done so for a fair amount of time (on the order of decades), can shed some light on this matter of users' passwords.

It's easier to support a user in today's technology than in yesterday's technology... because Windows does a lot of quirky things inside of the user's profile area.

It has become so unweildy, in fact, that you will not be able to replicate a user's problem unless you are logged in as that user (in a Win2K or WinXP environment). With the advent of SP2 for WinXP, the challenges compound.

General... I agree with all who have said that the user's password should be private.

From a support perspective, however, it's becoming harder to support users as Windows "matures" due to the many "unpredicatable" and "unexplainable" occurences of "problems." It's nearly "impossible" to diagnose some problems, even knowing the user's passwords and working using their profiles. We see it... but we can't fix it. Sometimes we fix it by redo'ing their profiles... not really knowing what hosed their machines... and sometimes we opt for the 4 to 16 hour rebuild of their PCs.

The supertechs, of course, would argue that they can fix anything. Sure, I've seen those guys... and might even claim to be one... but seldom is it a resource-effective process... and I havn't really met too many supertechs... except those that are supertechs in tongue only...

Collapse -

Well just sometimes it is necessary

by HAL 9000 Moderator In reply to Should Techs know Users P ...

But here I'm thinking about a programs password not the computers password as there have been occasions when I've had to log on and out of a program for changes to take effect and it is just not piratical to have the user sitting there on the off chance that they might have to enter in their password. Actually when it all comes down it the nitty gritty I'm flat out remembering my own passwords let alone everyone else's so after I've finished a particular job I've effectively forgotten the password in question. I write these down for reference while I'm at the unit and shred then when I'm finished.

But it is amazing just how many people expect you to remember a password that they gave you 6 months ago. :)

Col ]:)

Collapse -

Sometimes it is necessary

by smanches In reply to Well just sometimes it is ...

I support a network of over 700 users to 2 techs - very seldom do I need to change a users password to fix a problem on their pc (even though I can since I have the permission to reset and create the users accounts) We have a password policy also, but most users would rather give me their password than have to come up with a new one (we change passwords every 45 days). I shred all passwords given to me once the job has been completed and I have never had any complaint on work that has been done as the user, except for uninstalling unapproved software from the pc. :-) I get the same thing about passwords - I just tell them all the passwords I have to remember to do my job, there is no way possible I can remember theirs.

Collapse -

Config Mgmt Spec 1

by carrie.elsesser In reply to Should Techs know Users P ...
Collapse -

I dont see this is a problem

by glen.cranston In reply to Should Techs know Users P ...

I use administrator account to get into a pc if the user is out. Or change the password to get into the pc.

Collapse -

user passwords

by doug m. In reply to Should Techs know Users P ...

We start by not knowing anyone's passwords, but if we need to we will ask for one if we truly require it for that time. But we don't write them down or memorize them. Seems to work for us.

Collapse -

Ahh the wonderful world of... it depends

by duanedelima In reply to Should Techs know Users P ...

Passwords should never be known by more than the intended user of that password. Passwords should be memorised and never written down or stored on the systems in a file.

The only case I would like to think this differs, is in the case of the system's current admin password... which should be known by the network administrator, and written on a paper, sealed in an envelope and locked in the company's safe. This may seem questionable. However, don't let security fears blind you from reality. Us techies can be hit by a bus and die. And with us, goes the entire network's primary control. They can get a replacement tech, but he would need to know the login password to resume work. No-one should know the password, but it should be accessible in absolute emergencies... thus... the safe...

Anyway, back to the question at hand... you should not know the user's password. In the case of requiring access to the user's account, you have two options...
1) have the user with you to log on himself/herself... this ensures you never need to enter the password yourself...
2) Reset the user's password to a randomly generated password, use that for your work, then inform the user of the password change... (do this personally) then have the user recreate a password once you're done with your work.

Related Discussions

Related Forums