Active Directory

[King X13]

lol, well every system administrator has this level of access when runing a network, and the same ability to do this. and as for are they aware of this....are you supposed to be aware of big brother lol.

I think most standered users at work really arent aware of the access of a systems admin.

 

[cabling1]

Yeah... I bet you run into a lot of interesting emails ... What a job!!! lol

 

[superdave1984]

How many users are you talking about? Is it really a thousand? Maybe put in a security template so users can't change their own passwords, then issue them passwords that YOU created and have logged in an encrypted folder of course. It would take some time, but it could be done.

 

[mBernhardt]

Just because it doesn't seem like a breach of security for you to view someone's passwords where you work doesn't mean there aren't organizations where it would be a massive breach of security.

I know from personal experience that many people will change all their passwords to be the same just so they don't have to remember them all.

So, once you can see one. You can, in effect, see them all.


And besides, what's to stop you from using that person's account for malicious activities? I know you could just change their password and take their account over, but then there'd be a log entry of you changing their password that couldbe traced.

 

[evelmunkey]

Just because it doesn't seem like a breach of security for you to view someone's passwords where you work doesn't mean there aren't organizations where it would be a massive breach of security.

I know from personal experience that many people will change all their passwords to be the same just so they don't have to remember them all.

So, once you can see one. You can, in effect, see them all.


And besides, what's to stop you from using that person's account for malicious activities? I know you could just change their password and take their account over, but then there'd be a log entry of you changing their password that couldbe traced.

exactly!

 

[King X13]

i think you guys are mis understanding why i said its not a breach of security.

First no one cares if the user uses the same password for home email and there bank account as they do for there office. microsoft doesnt care and i dont care, thats there problem if they wanna use the same one for everything, and no software is designed around the thought of people being to stupid to remember different passwords.

Now back to the security breach part, if you read what i wrote a couple of posts up was this :

" ok, but why do you think it would be a security breach?

Heres some background info so you cant say while they use 1 password for many things and stuff like that.

They are forced to change there password every 30 days

I obviously can change there passwords so the breach wouldnt be me getting into there files since i can change it and do that.

I can get into there files on the server with out even logging in as them.

I control exchange server so i can anyones email with out a password by just puttin there user name into outlook on exchange so i dont need a password for that.

I can go into there files on our server anytime i want with out there account.

There really is nothing that the password does protect against from an admin, so there is no security breach if i am the security.

so im just curious why you guys think its a security issue."

you can do all that with out any passwords and with out any log being created of the administrator doing so. that stuff is what most people would call a security breach but on servers its called administrator rights.

any administrator can do maicious activity with out logs of them doing so, with out passwords, with out even needing to log on as that user. thats my point. not that any of us do.

that being said, knowing a password is minor compared to all that and more that an administrator can do. being that i can do anything with out there password but they can not, so the only, only purpose of the password is for the users not that administrator and it only purpose of seeing them would be to tell them there own password since we do not need it for anything.

 

[milen]

I think the best way is not let users change them password,
the Admin should do it and same time keep record of
the accounts to some DB of yours....