What are the arguments for and against a network policy where the sys admin knows users passwords? [closed]

security password permissions privacy

Solution 1:

A sysadmin should be able to access any files a user has, unless they're encrypted, in which case the user's Windows password won't help. Having the system knowing the passwords means that you can never know if a user did something, or a sysadmin did, which could cause a lot of problems if you ever get into a dispute. The passwords would have to be stored somewhere, which means there's the potential for them to be lost. Finally, users will find it harder to remember a password they didn't create.

The pros are that there's no need to reset passwords, but you'll have to remind users of them. It also makes it easier to login to users accounts, but outside of testing or diagnosing a problem, this isn't needed, and you can get the passwords on a case by case basis then.

There really isn't any reason to do this, it creates a lot of problems, for no real gain.

Solution 2:

There is no justification. A sysadmin can change the password if needed but they should not know or store it.

There are only cons.

What about my private information that I expect HR to keep private?

Finding out where I live because I took their parking space... posting my salary on the internet... passing on information to an ex.. emailed porn to the management has my name attached...

I'd be surprised if a company has such a policy written down.

Related

How to manually create Puppet CA and certificates?
How to disable SSL 2.0 on IIS 7.5? [duplicate]
Good PC-based video conference control tools? [closed]
Disable history for only one task in the Task Scheduler Library?
Automatic contrast and brightness adjustment of a color photo of a sheet of paper with OpenCV
Automatically initialize instance variables?
Heatmap in matplotlib with pcolor?
iPhone 6 and 6 Plus Media Queries
Finding whether a point lies inside a rectangle or not
CUDA incompatible with my gcc version
How do I install PyCrypto on Windows?
Java AES and using my own Key