User Name
Password
AppleNova Forums » Genius Bar »

IT Request for Admin Username/Password


Register Members List Calendar Search FAQ Posting Guidelines
IT Request for Admin Username/Password
Thread Tools
drewprops
Bastard
 
Join Date: May 2004
Location: Atlanta
 
2009-07-22, 09:30

This morning our IT consultant asked for my iMac's username/password today to help resolve a DNS error being thrown up by two Macs in the office, one of which is mine. As this is my personal machine I politely declined to share that information with him. I don't have anything on the machine to hide, just graphics work for my own side projects, but I'm still trying to understand how or why our office network server would even NEED to have my username/password. The best I understand it, if the server can't access my machine at that admin level it doesn't identify itself on the network and throws up errors.

Can somebody out there give me a better lesson? I hate to sound like I'm guarding the crown jewels... but I am, you know?




...

Steve Jobs ate my cat's watermelon.
Captain Drew on Twitter
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2009-07-22, 10:59

I'm willing to give the consultant the benefit of the doubt, as I may be lacking some crucial information. But the way you're presenting it, you're perfectly right.
  • two of your office's client computers have DNS issues
  • DNS is handled by a network server in the office
  • the consultant would like to check why

Correct?

Does the consultant have access to said server? If so, has he already checked through logs to see if the clients are attempting to fetch information from it at all, i.e. has he exhausted all server-side options of tracking down this problem?

How do the clients know which DNS server to connect to (DHCP?), and do they need to authenticate against it (ActiveDirectory? Some other directory service?)? If your user account is involved in authenticating with DNS, that may explain the request.

At the same time, it's an unusual request, and you're right to be concerned. An admin should have have to ask you your password. They should be able to reproduce it by creating a similar test account of their own.

However, to make things easy, just reset the password to something temporary, give that to him, let him check things, and then set it back to your real password.

Hope that helps
  quote
drewprops
Bastard
 
Join Date: May 2004
Location: Atlanta
 
2009-07-22, 11:07

Quote:
Originally Posted by chucker View Post
I'm willing to give the consultant the benefit of the doubt, as I may be lacking some crucial information. But the way you're presenting it, you're perfectly right.
  • two of your office's client computers have DNS issues
  • DNS is handled by a network server in the office
  • the consultant would like to check why

Correct?

Yes to all of these, except now I understand it may be as many as 4 or 5 machines which are having DNS issues.

Quote:
Originally Posted by chucker View Post
Does the consultant have access to said server? If so, has he already checked through logs to see if the clients are attempting to fetch information from it at all, i.e. has he exhausted all server-side options of tracking down this problem?
Yes and Yes. He's pored through his logs.

Quote:
Originally Posted by chucker View Post
How do the clients know which DNS server to connect to (DHCP?), and do they need to authenticate against it (ActiveDirectory? Some other directory service?)? If your user account is involved in authenticating with DNS, that may explain the request.
Yes, we're DHCP, however I don't know if ActiveDirectory is involved....


Quote:
Originally Posted by chucker View Post
At the same time, it's an unusual request, and you're right to be concerned. An admin should have have to ask you your password. They should be able to reproduce it by creating a similar test account of their own.

However, to make things easy, just reset the password to something temporary, give that to him, let him check things, and then set it back to your real password.

Hope that helps
GENIUS!!!
THIS is something that I had not considered!! Right away then I shall be doing this.

Steve Jobs ate my cat's watermelon.
Captain Drew on Twitter
  quote
alcimedes
I shot the sherrif.
 
Join Date: May 2004
Send a message via ICQ to alcimedes  
2009-07-22, 11:08

Or just set up a new account with admin rights and give him that password. Unless he has 20 min. on your machine it won't be a real issue. You can change that one when he's done.

I'm guessing he wanted to log into your machine and verify your network settings to see if you have the conflicting IP address hard coded in there, or if you're looking to the wrong DNS server.

Google is your frenemy.
Caveat Emptor - Latin for tough titty
I tend to interpret things in the way that's most hilarious to me
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2009-07-22, 11:25

Quote:
Originally Posted by alcimedes View Post
Or just set up a new account with admin rights and give him that password.
It depends on whether the issue is account-based or machine-based. I assumed the former since I would otherwise expect an admin to be smart enough to just create another account on the machine.
  quote
Bryson
Rocket Surgeon
 
Join Date: Feb 2005
Location: Whitby
 
2009-07-22, 12:53

Hmm. I can understand why the admin wanted the password: he was probably just insuring himself against being mid-fix, needing to quickly do something, and coming up against a password block. It's just a time saver to have that info to hand.

Seriously, if he's any good and he wants your data, he'll have it if he has physical access to the machine, password or no password. I wouldn't worry about it.
  quote
drewprops
Bastard
 
Join Date: May 2004
Location: Atlanta
 
2009-07-22, 12:58

I need an illustrated children's book version of the processes that are going on between the file server and its clients... you know, to explain why the server needs to have password access to a particular machine. Naturally, the first paranoid thought in MY bucket is that some remote control application is being placed on my machine surreptitiously.

Quote:
Originally Posted by chucker View Post
It depends on whether the issue is account-based or machine-based. I assumed the former since I would otherwise expect an admin to be smart enough to just create another account on the machine.

Well you know, I do have a "guest" account that I created on this computer which I could offer up to him.... ooops, he's gone for the day. He'll be back in 2 weeks though!


...

Steve Jobs ate my cat's watermelon.
Captain Drew on Twitter
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2009-07-22, 13:00

Quote:
Originally Posted by Bryson View Post
It's just a time saver to have that info to hand.
There are ethical concerns, and it's questionable that it even does save time. I don't know the network setup at Drew's company, but 1) the admin will already have a network-wide account, with the proper privileges, accessible from any client machine, 2) the user may not have admin privileges, especially not for accessing the servers, but possibly not even for their own workstation, 3) the admin will have their account set up for easy access to network log/trace/etc. tools. I occasionally log in as someone else, but only when I just can't reproduce a problem they're having, and only under their supervision or their explicit consent.

Quote:
Seriously, if he's any good and he wants your data, he'll have it if he has physical access to the machine, password or no password. I wouldn't worry about it.
That's true, but I don't question is motives; more his competence.
  quote
drewprops
Bastard
 
Join Date: May 2004
Location: Atlanta
 
2009-07-22, 13:07

Oh now, he's a good guy with a good company. I'm totally not worried about that, at least no more worried than I normally am. He asked me straightforward for the login information and tried to explain the issue he was having. Now he did say that he could just "hide" me or something, which would effectively remove me from showing up as a server error, but I'd like to be able to help him get a clean solution to the issue.



...

Steve Jobs ate my cat's watermelon.
Captain Drew on Twitter
  quote
Justin
Member
 
Join Date: Feb 2009
Location: Miami!!!
 
2009-07-24, 13:56

If you have a computer that you bring into the office and connects with the office network you can't expect it to be 100% private. I agree the IT guy doesn't need your password, but why not just log him into your computer and let him check whatever he needs to check?
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Post Reply

Forum Jump
Thread Tools
Similar Threads
Thread Thread Starter Forum Replies Last Post
Sudden "Bad Request" response at password log-in shoppercharlie Genius Bar 1 2008-12-02 07:36
Admin password? Fahrenheit Genius Bar 7 2008-02-19 16:17
Forgot admin password Sargasm Genius Bar 7 2008-01-02 21:43
Resetting admin password in OS 8.6 PKIDelirium Genius Bar 2 2006-12-08 19:13
Username change? Kraetos Feedback 58 2006-05-20 17:22


« Previous Thread | Next Thread »

All times are GMT -5. The time now is 04:59.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2020, AppleNova