Re: Workstation deployment question

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

This is a routine scenario in my environment.

We offer to reset the user password to something and make them aware of the
temp password until we notify them that the admin work is complete.

Otherwise, they just write the password down or email it to us. This is a
horrible practice, I know.

How bout shimmy'n over to some of my RIS questions Shenan? Are you
available by email by chance?

Regards

"Shenan Stanley" wrote:

jd wrote:
Question:
I am a Domain Admin in a Server Group and it is time for me to get
a new notebook (workstation) again. The OS on the workstation will
be either XP or possibly Vista. Every couple of years the
Workstation Group comes over and requests my username and password
in order to setup my new notebook.

The Workstation Group states the following when I express I would
rather
NOT give them my password. "In order to insure a seamless
transition for the client when deploying turnkey replacement
equipment, the Workstation Group has customarily requested security
credentials. This is necessary because there are a number of
applications (core included), that are client profile specific such
as Lotus Notes, iHeat, and VPN. Without the credentials, we cannot
complete the installation and configurations."

It would seem to me that Microsoft's Windows must have some
workstation creation and deployment method or utility for
workstation deployment that does not require a user to provide
their password. Especially when you are a Domain Admin and highly
sensitive data could be obtained using a Domain Admin account.

Can anyone please provide me with some knowledgeable insight so I
may champion a change regarding this current company policy?

They could just change your password and give it to you when you need
it/when they are done.

Although it does simplify things when you know the user's credentials - it
is not necessary *if* the user is knowledgable and can finish some of the
setup themselves OR the tech support has time/social skills and can sit with
the user after their initial setup of the machine (with all software and a
decent starting default user profile) and have the user logon as necessary
to finish the required setup.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html



.

Relevant Pages

  • Re: Workstation deployment question
    ... I am a Domain Admin in a Server Group and it is time for me to get ... a new notebook (workstation) again. ... in order to setup my new notebook. ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: SBS 2003 Premium Setup of end users.
    ... user from the local Administrators group on the workstation. ... I saw an entry for domain users and I deleted it. ... complete the initial setup of the user. ... computer which is the current Workstation1 unit. ...
    (microsoft.public.windows.server.sbs)
  • Re: users must be local admin but this means domain admin can be locked out
    ... and audit all workstation group membership from the domain instead of having ... > If you delete the domain admin from the machine, domain admin can login, ... Can modify the users and groups *that they have created.* ... operating system services or modify operating system files ...
    (microsoft.public.win2000.security)
  • RH to Debian migration
    ... I have recently taken over as the admin of a small lab at school. ... over the lab setup. ... Workstation, so they setup one RHN account, added all 10 machines and then ...
    (Debian-User)
  • Re: SBS 2003 Premium Setup of end users.
    ... domain users group to the local Administrators group on the workstation. ... After the initial setup, those permissions are not needed and the user ... This workstation computer has been a stand alone unit for many years so ... That hard drive currently resides on the Workstation1 unit as a spare ...
    (microsoft.public.windows.server.sbs)