4 Replies Latest reply on Dec 9, 2011 10:16 AM by G M

    Helpdesk EEM Permissions

      Hi,

       

      All our standard users on laptops have admin rights level 1 in Safeboot and no admin functions.

       

      Our helpdesk have the following permissions - Users - View properties, create token, reset token perform recovery and allow administration. They all logon to Endpoint encryption Manager with these restricted rights anc each have an admin level of 5 (above that of standard laptop users).

       

      What i've noticed is that the helpdesk are able to right click on the laptop users container and force password change at next logon! We have over 2000 users in this group and would not wish this to be done by mistake/or on purpose! I have found that by stopping the helpdesk from 'reset token' permission this is stopped. Therefore my question is would it necessarily be a problem to create a new token in each instance, even if they are just needing the reset the password back to the default 12345?

       

      Thanks in advance

       

      GM