Hello,
I have a legal question regarding domain passwords:
I am the administrator for a small network (about 25 users and workstations), for a small family owned business.
A few months ago, one of the owners told me to keep track (update weekly) of all users domain logon passwords, because they wanted to logon as an employee a snoop. I provided it with much anger, and did not persue updating the list.
Last week, they approached me again with the same task. This time I asked them to provide me that question ‘in writing’, in order to save my back down the road. They also said that they spoke to their lawyer, and he said that the owner is within their rights to collect passwords, since they own the computers, and that larger corporations, such as Microsoft, have a department that does this too…
The question is: Is a company within their leagal jurisdiction to demand such a thing from the IT Administrator? Do I grin and bare it?
I am not sure were to post this, but any advice you have would be great.
P.S.
If it matters (states are different), the company is in Pennsylvania.
Thansk for your adice!