Space Pirate
Join Date: May 2004
Location: Atlanta
|
This morning our IT consultant asked for my iMac's username/password today to help resolve a DNS error being thrown up by two Macs in the office, one of which is mine. As this is my personal machine I politely declined to share that information with him. I don't have anything on the machine to hide, just graphics work for my own side projects, but I'm still trying to understand how or why our office network server would even NEED to have my username/password. The best I understand it, if the server can't access my machine at that admin level it doesn't identify itself on the network and throws up errors.
Can somebody out there give me a better lesson? I hate to sound like I'm guarding the crown jewels... but I am, you know? ... |
quote |
‽
|
I'm willing to give the consultant the benefit of the doubt, as I may be lacking some crucial information. But the way you're presenting it, you're perfectly right.
Correct? Does the consultant have access to said server? If so, has he already checked through logs to see if the clients are attempting to fetch information from it at all, i.e. has he exhausted all server-side options of tracking down this problem? How do the clients know which DNS server to connect to (DHCP?), and do they need to authenticate against it (ActiveDirectory? Some other directory service?)? If your user account is involved in authenticating with DNS, that may explain the request. At the same time, it's an unusual request, and you're right to be concerned. An admin should have have to ask you your password. They should be able to reproduce it by creating a similar test account of their own. However, to make things easy, just reset the password to something temporary, give that to him, let him check things, and then set it back to your real password. Hope that helps |
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
Quote:
Yes to all of these, except now I understand it may be as many as 4 or 5 machines which are having DNS issues. Quote:
Quote:
Quote:
THIS is something that I had not considered!! Right away then I shall be doing this. |
||||
quote |
I shot the sherrif.
|
Or just set up a new account with admin rights and give him that password. Unless he has 20 min. on your machine it won't be a real issue. You can change that one when he's done.
I'm guessing he wanted to log into your machine and verify your network settings to see if you have the conflicting IP address hard coded in there, or if you're looking to the wrong DNS server. Google is your frenemy. Caveat Emptor - Latin for tough titty I tend to interpret things in the way that's most hilarious to me |
quote |
‽
|
It depends on whether the issue is account-based or machine-based. I assumed the former since I would otherwise expect an admin to be smart enough to just create another account on the machine.
|
quote |
Rocket Surgeon
Join Date: Feb 2005
Location: The Canadark
|
Hmm. I can understand why the admin wanted the password: he was probably just insuring himself against being mid-fix, needing to quickly do something, and coming up against a password block. It's just a time saver to have that info to hand.
Seriously, if he's any good and he wants your data, he'll have it if he has physical access to the machine, password or no password. I wouldn't worry about it. |
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
I need an illustrated children's book version of the processes that are going on between the file server and its clients... you know, to explain why the server needs to have password access to a particular machine. Naturally, the first paranoid thought in MY bucket is that some remote control application is being placed on my machine surreptitiously.
Quote:
Well you know, I do have a "guest" account that I created on this computer which I could offer up to him.... ooops, he's gone for the day. He'll be back in 2 weeks though! ... |
|
quote |
‽
|
There are ethical concerns, and it's questionable that it even does save time. I don't know the network setup at Drew's company, but 1) the admin will already have a network-wide account, with the proper privileges, accessible from any client machine, 2) the user may not have admin privileges, especially not for accessing the servers, but possibly not even for their own workstation, 3) the admin will have their account set up for easy access to network log/trace/etc. tools. I occasionally log in as someone else, but only when I just can't reproduce a problem they're having, and only under their supervision or their explicit consent.
Quote:
|
|
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
Oh now, he's a good guy with a good company. I'm totally not worried about that, at least no more worried than I normally am. He asked me straightforward for the login information and tried to explain the issue he was having. Now he did say that he could just "hide" me or something, which would effectively remove me from showing up as a server error, but I'd like to be able to help him get a clean solution to the issue.
... |
quote |
Member
Join Date: Feb 2009
Location: Miami!!!
|
If you have a computer that you bring into the office and connects with the office network you can't expect it to be 100% private. I agree the IT guy doesn't need your password, but why not just log him into your computer and let him check whatever he needs to check?
|
quote |
Posting Rules | Navigation |
|
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Sudden "Bad Request" response at password log-in | shoppercharlie | Genius Bar | 1 | 2008-12-02 07:36 |
Admin password? | Fahrenheit | Genius Bar | 7 | 2008-02-19 16:17 |
Forgot admin password | Sargasm | Genius Bar | 7 | 2008-01-02 21:43 |
Resetting admin password in OS 8.6 | PKIDelirium | Genius Bar | 2 | 2006-12-08 19:13 |
Username change? | Kraetos | Feedback | 58 | 2006-05-20 17:22 |