|
Posted by Doug McIntyre on June 30, 2008, 12:13 pm
If you were Registered and logged in, you could reply and use other advanced thread options
onthax@gmail.com writes:
>I am having an argument with a coworker, who thinks it is fine to
>decrypt users passwords to migrate files, as it is faster and more
>convenient than having the users resetting their passwords.
>I am sure this is almost never necessary, is a horrible invasion of
>privacy, and quite possibly illegal.
Illegal? How so?
The servers would belong to your company. All data on them including
user account info/username/passwords/etc would belong to your
company. If you are authorized by your company to do what admin work
you need to do, ultimately you are working for your company as per
their policies. (ie. this extends to email, any and all files on the
company equipment, etc. If you don't want your company to know
anything personal, don't put anything personal on their systems).
If anything, this is a policy issue decided by the CIO or whatever
passes as such at your company. If they have authorized you to do
your work and this is necessary to do your work, then thats their
policy allowing it.
Not sure why an admin would even need a user password to do file
migrations in the first place, just do it and update whatever pointer
to where they are.
| 
XML site map