I don't think you should have their passwords to be fair.
A member of staff asked the computing head this lunchtime in the canteen, I wasn't there at the time but he was questioning why I (as network manager) have access to all staff usernames and passwords.
I've written a short explanation which I'm puting up on the schools intranet, I'm sure most staff aren't in the slightest interested in it, but there's always someone. Fact is I can't be bothered to look through everyones files, send emails as them or browse dodgy websites in order to get them into trouble... it would risk my job for starters and I have better things to do!
Here is roughly what I've written although it might change and I'll have to * some things out :P
Staff internet, e-mail and network passwords are accessable by only one member of staff - the network manager (NM). The network manager by default has access to each and every folder, file and device on every networked computer within the school, there are no files that the NM cannot access, delete, copy or edit. This is an operational need and is the case in every network and in every organisation. There is simply always someone who has to have access to everything.
A NM does not need your username or password to access your files.
In addition, the NM also has access to usernames and passwords for all users on the network, so what prevents a NM from abusing his/her position?
Whenever anyone, including the NM access any web page from within the school the follow details are recorded:
1. Username of the person accessing the page.
2. Date/time of access.
3. Computer that the access was made from. (Important for tracing people).
In addition when you send an e-mail it records the date/time and the IP address of the computer that it was sent from and displays there in the header of the e-mail, these IP addresses are unique within the council and can allow the NM/I.T. Services to pin down a computer sending virus/fakes/malicious e-mails within seconds.
So what prevents a NM from modifying your files for a joke?
Short answer - nothing. Any NM will have the knowledge to spoof, fake, hack or otherwise alter a file with ease and make it appear that it has been done by someone else. The simple fact is that the NM is hired because of his/her knowledge of computers and as such the council has to put a certain amount of faith in his or her integrity. I.T. staff in general don't find peoples files particularly exciting, they spend long enough looking at a computer screen without doing so for fun.
Any member of staff who wishes me to remove their password need merely ask and I will, however please remember that this may mean contacting I.T. services and a 5-7 day wait if you forget it at a future date. I.T. services only usually deal with the NM as the schools point of contact and as such only the NM can log faults or account changes with them, you may however contact I.T. services yourself on *********** if you would like to change your password, however ironically, you will have to them tell the NM what your password is to enable you to access the network.
Staff passwords (and I only have about 60% of staffs passwords anyway) are held in one file, which is encrypted and held within my own folder on the server. Nobody else in this school can ever gain access to this folder, only I.T. services and the NM can.
I don't think you should have their passwords to be fair.
You don't need their passwords... just the ability to change them WHEN they forget them.
I wouldn't say it's common for a NM to have user passwords - quite the opposite in fact... so why do you have them??
Why do you have their passwords? I just change them on the server if they forget them
I as network manager do not (and don't wish to have) access to any staff or students passwords.
If they forget their password I will reset it and force the user to cahnge it next time they logon.
All staff and students are responsable for thier own accounts and not knowing thier passwords removes the possibility if blame !
We just tell them it's one-way encrpytion and it is impossible to 'read' their passwords - we can only reset them.
But also make it clear that we don't need their password to access their personal area.
I only have them as the central I.T. department more or less refuse to deal with teachers directly in secondary schools. As such I have to be e-mailed the passwords.
I have absolutely no need for them, don't particularly want them however several of them have asked me to "keep note" of the passwords as they tend to forget them after holidays and it prevents them writing them down and placing them in their desks (anyone else noticed this?).
I don't particularly like having them sent to me but sadly it's out of my control because it's done at the I.T. services department.
Its always best not to know staff passwords.
I just tell everybody that I cannot see their passwords, the only thing I can do is reset them, and require them to change them at first logon.
The network, internet and e-mail servers don't share passwords, it's annoying but I.T. services (councils central department) won't or hasn't managed to get it all integrated yet.Originally Posted by Midget
Eventually the internet and network login passwords will be the same (so I can let staff change them anytime) but at the moment the network passwords are locked so they can't alter them.
Some staff have problems remembering one password, which doesn't expire and frankly would never remember two or three that had 2/3 month expiry dates set (what I'd like to do..).
They email you the passwords?? ....oh dear... :?Originally Posted by Halfmad
When I was at college, the passwords for students were generated by the IT Team and given to them when they joined.
Due to the amount of people that 'forget' their password, when the passwords were generated at the beginning of each year, they were also printed off and handed to the support desk in the learning centre.
This way, any student that forgets their password only needs to go to the support desk in the learning centre to be told what it is. The support desk in the learning centre was separate to IT Support, so IT Support were rarely bothered about forgotten passwords. It must have saved them a lot of time.
Is this some kind of joke? Or should this be published on "Worse than Failure" (formally thedailywtf)
Yup and it's something I've been pulling my hair of over for years. Not only that they have in the pass called me to tell me a password, got another member of staff and told them the password. It's pathetic at times.Originally Posted by Netman
Sadly because of the way things are currently setup I've no choice but to access e-mailed passwords.
I'm due to have my 2003 domain clustered later this year (when god only knows) and at that time I'll be able to get people to reset their network and internet passwords, which should HOPEFULLY sort this situation out.
However it'll remain the same for pupils as apparently they'll never be allowed to change their own passwords
So you don't run your own AD then?
I just tell staff that I can not see their password, I just change it and force them to change on log on.
There are currently 1 users browsing this thread. (0 members and 1 guests)