
RE: [cobalt-users] Qube3 - Disable Password Reset



-----Original Message-----
From: Malcolm McLeary [mailto:mmcleary@xxxxxxx]
Sent: Tuesday, June 18, 2002 10:04 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Qube3 - Disable Password Reset


Hi David,

on 19/6/02 11:46 AM, David Lucas wrote:

> Maybe they should secure the server.  If they are that concerned with
> someone resetting it, are they worried they might carry it off?

Physical security is obviously an important factor in any security plan.

The situation is that the admin password will be set, documented and locked
in a safe.  Management functions will be allocated to different user
accounts.  Normal IT management staff will not have knowledge of the admin
password.  What they want to avoid is some disgruntled user simply resetting
the password, changing things and then leaving the organisation.

Mine is not to question why ... ;-)
______________________________________________

Perhaps, but OTOH maybe someone is so focused on
an answer that they don't realize they may be asking
the wrong question.
 
My "so what" question is, if a disgruntled user changes
the admin password and then leaves the organization,
how hard is it for a properly authorized person
to change it back? What, they don't have a paper
clip? The procedure for retrieving the password
and restoring it or just selecting a new one should
be one additional page of documentation in the company's
disaster recovery or business continuity plan which should
be somewhere off-site in a separate locked and fire-proof
safe. BTW, the scenario need not be as nefarious as a
disgruntled person changing it and leaving the company.
What if nobody changes the password but all the people who
know it are suddenly and unexpectedly "unavailable", perhaps
permanently? You don't allow all the people who know the
admin password to be together in the same room? What about
the same building or same city?