We use EEPC 7.1 to encrypt all of our laptops.
I've created one admin account to be used on each laptop as a backup means to access an encrypted laptop.
I am trying to determine what password policy, if any, gets enforced on this account. I've created the account in the User Management/User Directory area.
Does/would this account fall under the policy that would govern a regular user account? Currently the policy for password change is every 60 days, which coincides with our AD policy.
I ask this as I would like to be sure that the password for this account will not expire.
Message was edited by: DKB223 on 7/7/14 11:45:38 AM GMT-06:00
A user is a user, so to speak.
Creating a "backdoor account" though is really bad security practice - you should be assigning administrators to the machines (using their personal account etc). And, creating backdoor accounts with non-changing passwords, even more trouble.
Shared backdoor admin accounts break all the rules of auditability etc.
While I do agree with you, we've had cases in the past where that account was our only means of accessing a laptop to resynch a password token.
We are using individual admin accounts that each of our helpdesk personnel have. They are logging in with those accounts when needed.
We had a shared account once before, but occasionally, the password would change and lead to much confusion.
I feel more comfortable having a failsafe since it's been useful to us in the past as I stated above. Only two of us know the password to this account.
That doesn't make it any better, I realize, but...
Any EPO admin can always do a recovery on a machine - you don't need a user account on the machine itself, and even if it's been deleted from EPO it can be decrypted....