Change all passwords

  • Change all passwords

    One of my Help Desk guys is leaving tomorrow and he pretty much knows everyone's passwords and system passwords.

    I'm going to change all the system passwords, but what do I do about the user passwords? There's a chance that our external Citrix interface could be used to log in using any of the Citrix users' credentials- but I can't just manually force a change on all Citrix users without first telling them what I'm doing- then again I can't tell them while my departee is still here.

    What do I do?

    We have VPN, OWA & Citrix open to the outside world.
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Change all passwords

    Why can't you tell all users to change their passwords "due to changes in privileged staff"? I would not (as a leaver) see this as unreasonable...


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you


    • #3
      Re: Change all passwords

      If you are that concerned about the person's reaction to users being asked to change passwords, tell HR to put him on paid "leave" with immediate effect, escort him off the premises etc. If he is professional he will understand exactly why you are telling users to change passwords and should indeed suggest it to you. If he is not professional and there is the slightest risk he could hack the system, get him out of it ASAP.

      Also, why does he need users' passwords -- they should handle their own.

      Tom
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: Change all passwords

        Why not force every user to change its password by "change password at next logon"?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"


        • #5
          Re: Change all passwords

          Originally posted by Dumber:
          Why not force every user to change its password by "change password at next logon"?
          I'm with you, besides the notification mail marked as urgent.

          Use admodify.exe


          • #6
            Re: Change all passwords

            Originally posted by Dr.Kernel:
            I'm with you, besides the notification mail marked as urgent.
            Of course, but that has anything to do with communication and isn't much tech related
            Marcel

            • #7
              Re: Change all passwords

              Originally posted by Dr.Kernel:
              I'm with you, besides the notification mail marked as urgent.
              Of course just to make sure they read the email, the Subject line should read Free Porn.
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2


              • #8
                Re: Change all passwords

                Firstly, because the guy was on Help Desk, he is always asking the users for their passwords to test logins into the domain and into other in-house apps.

                I know I can force a password change, but even that is fraught with danger. What if he tries to get into Citrix using one of the user credentials which has not had its password changed? He'd log in with the user's old password, the system then asks him to change his password assuming he is the authorised owner of that account, and off he goes!

                I can't change all passwords to a generic password else users will have access to other users' logins.

                I've been burnt before so I don't want this to happen again!
                |
                +-- JDMils
                |
                +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                |
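
One way to close the gap raised in post #8, as an added example that is not part of the thread: reset each account to its own random temporary password before setting "change password at next logon", so the old password no longer works and no two users share a value. It assumes the ActiveDirectory PowerShell module; the OU path and the `New-RandomPassword` helper are hypothetical.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$SearchBase = 'OU=Staff,DC=example,DC=local'   # hypothetical OU, adjust to your domain

function New-RandomPassword {                  # hypothetical helper
    param([int]$Length = 16)
    # CSPRNG-backed; alphabet leaves out look-alike characters (0/O, 1/l/I).
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-='.ToCharArray()
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 4
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        $rng.GetBytes($bytes)
        $alphabet[[int]([BitConverter]::ToUInt32($bytes, 0) % $alphabet.Length)]
    }
    $rng.Dispose()
    -join $chars
}

$users = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' -Properties PasswordNeverExpires

$results = foreach ($user in $users) {
    if ($user.PasswordNeverExpires) {
        # "Change at next logon" cannot be set on these accounts (often service
        # accounts); report them for manual handling instead of touching them.
        [pscustomobject]@{ User = $user.SamAccountName; TempPassword = ''; Status = 'skipped: never expires' }
        continue
    }
    $plain = New-RandomPassword
    try {
        # Step 1: the old password stops working immediately.
        Set-ADAccountPassword -Identity $user -Reset -ErrorAction Stop `
            -NewPassword (ConvertTo-SecureString $plain -AsPlainText -Force)
        # Step 2: the owner must pick a new password at first logon.
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ User = $user.SamAccountName; TempPassword = $plain; Status = 'reset' }
    } catch {
        # Includes the rare case where a random value fails the complexity policy.
        [pscustomobject]@{ User = $user.SamAccountName; TempPassword = ''; Status = "failed: $($_.Exception.Message)" }
    }
}

# $results holds plaintext temporary passwords: give each one to its owner
# in person or by phone, then discard the list.
$results | Format-Table -AutoSize
```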


                • #9
                  Re: Change all passwords

                  Well, at least you have a terrible password policy if he still remembers every password. Let the users change their passwords at least once a month.

                  Besides that, what can he do with a regular user account?
                  Marcel

                  • #10
                    Re: Change all passwords

                    I understand that sometimes admin may require users' passwords but after they are finished testing the account should be marked for "Change password at next logon" so as to avoid this situation.

                    Just something to remember and advise all your IT staff about

                    Michael
                    Michael Armstrong
                    www.m80arm.co.uk
                    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

                    ** Remember to give credit where credit is due and leave reputation points where appropriate **


                    • #11
                      Re: Change all passwords

                      Although a nice idea for those who are IT savvy, it wouldn't work for us as most of our users are non-computer savvy and we'd have to change at least 30 passwords a day, some might be the same user three times in a row. Thanks anyway.
                      |
                      +-- JDMils
                      |
                      +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                      |


                      • #12
                        Re: Change all passwords

                        There was a business or a school in the UK that got sick of L users calling the helpdesk to reset their passwords. So, each time the L user called, the new password got progressively longer and harder to remember. It didn't take long for the L user to get the message and start remembering their password and the helpdesk workload was reduced from doing this tedious task. Lateral thinking is a wonderful tool.
                        1 1 was a racehorse.
                        2 2 was 1 2.
                        1 1 1 1 race 1 day,
                        2 2 1 1 2
