Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Allowing users to manage passwords

Status
Not open for further replies.
ottge

ottge

Technical User
May 2, 2005
22
0
0
US
Hello,

I have been delegated as a system administrator, and would like to know what the pros and cons of allowing domain users to control changing their own passwords at their own leisure are. I have typically been under the impression that keeping a list of users passwords was the best option to take. ANy suggestions are much appreciated. Thanks.
 
Sort by date Sort by votes
I don't see a problem with allowing users to be able to change there passwords when they want to. By default they are able to accomplish this when they use Ctrl+Alt+Del logon screen.

Keeping a list of passwords I don't understand. As an Admin if you need to access an account, of say a user who has left the company, just change the password yourself. Having a list hanging around of all the users passwords would be a security risk.

My two cents...
 
Upvote 0 Downvote
ottge

I have always found that using domain security settings (group policies)settings of passwords gives you security on the network. Allowing users to change their passwords is an old adage that is true today.

Using domain security settings you can have your users change thier password after any given length (I usely run anywhere from 30 to 60 days)
Enforce password history (so they cannot repat the same password)
And should they meet complexity requirements

All this can be set in a group policy

As far as keeping a list of users password you would need to keep the password so they never change otherwise the list is useless - this breaks all the security laws since people give out their passwords from time to time.

My suggestion is keep the security (allow them to change password) and if you need to log in as them go to the AD and change the password of the user so you can log in as them - just remember to reset it to "User has to change password on next login" after you have finished what you are doing



bob

"ZOINKS !!!!!"

Shaggy

 
Upvote 0 Downvote
Only problem would be when you change the password of a user in AD and then enforce user must change password at next logon, user will be required to enter old password that is something you changed it to thru AD. dont forget to tell the password you set it to.
 
Upvote 0 Downvote


Good pick up piyu75 - just plain fergot about that part - oh well

I find its not very often I have to login as a users - but I have had to change password and I can tell you using the

"Meet the complexity requirements" is a real pain in the

Anyway have fun

bob

"ZOINKS !!!!!"

Shaggy

 
Upvote 0 Downvote
Easy set all reset passwords to the same thing forcing the forgetful user to change it on first log on:
ABC123##
P@ssword
abc123XYZ!!

Simple to remember.

Iain
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
89
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
106
microsGuy16
microsGuy16
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
51
penguinroundup
penguinroundup
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
73
hairlessupportmonkey
hairlessupportmonkey
tviman
  • Locked
  • Question
How to restrict RDP users to the desktop 2
Replies
13
Views
115
strongm
strongm

Part and Inventory Search

Sponsor

Back
Top