cancel
Showing results for 
Search instead for 
Did you mean: 
DKB223
Level 7

Accounts Created On EPO Server Question

We use EEPC 7.1 to encrypt all of our laptops.

I've created one admin account to be used on each laptop as a backup means to access an encrypted laptop.

I am trying to determine what password policy, if any, gets enforced on this account. I've created the account User Management/User Directory area.

Does/would this account fall under the policy that would govern a regular user account? Currently the policy for password change is every 60 days which coinsides with our AD policy.

I ask this as I would like to be sure that the password for this account will not expire.

Message was edited by: DKB223 on 7/7/14 11:45:38 AM GMT-06:00
0 Kudos
3 Replies
SafeBoot
Level 21

Re: Accounts Created On EPO Server Question

a user is a user so to speak.

Creating a "backdoor account" though is really bad security practice - you should be assigning administrators to the machines (using their personal account etc). And, creating backdoor accounts with non-changing passwords, even more trouble.

shared backdoor admin accounts break all the rules of auditability etc.

0 Kudos
DKB223
Level 7

Re: Accounts Created On EPO Server Question

While I do agree with you, we've had cases in the past where that account was our only means of accessing a laptop to resynch a password token.

We are using individual admin accounts that each of our helpdesk personnel have. They are logging in with those accounts when needed.

We had a shared account once before, but occasionally, the password would change and lead to much confusion.

I feel more comfortable having a failsafe since it's been useful to us in the past as I stated above. Only two of us know the password to this account. 

That doesn't make it any better, I realize, but.........

0 Kudos
SafeBoot
Level 21

Re: Accounts Created On EPO Server Question

Any EPO admin can always do a recovery on a machine - you don't need a user account on the machine itself, and even if it's been deleted from EPO it can be decrypted....

0 Kudos