3 Replies Latest reply on Jul 7, 2014 1:27 PM by SafeBoot

    Accounts Created On EPO Server Question


      We use EEPC 7.1 to encrypt all of our laptops.


      I've created one admin account to be used on each laptop as a backup means to access an encrypted laptop.


      I am trying to determine what password policy, if any, gets enforced on this account. I've created the account User Management/User Directory area.


      Does/would this account fall under the policy that would govern a regular user account? Currently the policy for password change is every 60 days which coinsides with our AD policy.


      I ask this as I would like to be sure that the password for this account will not expire.


      Message was edited by: DKB223 on 7/7/14 11:45:38 AM GMT-06:00
        • 1. Re: Accounts Created On EPO Server Question

          a user is a user so to speak.


          Creating a "backdoor account" though is really bad security practice - you should be assigning administrators to the machines (using their personal account etc). And, creating backdoor accounts with non-changing passwords, even more trouble.


          shared backdoor admin accounts break all the rules of auditability etc.

          • 2. Re: Accounts Created On EPO Server Question

            While I do agree with you, we've had cases in the past where that account was our only means of accessing a laptop to resynch a password token.


            We are using individual admin accounts that each of our helpdesk personnel have. They are logging in with those accounts when needed.


            We had a shared account once before, but occasionally, the password would change and lead to much confusion.


            I feel more comfortable having a failsafe since it's been useful to us in the past as I stated above. Only two of us know the password to this account. 


            That doesn't make it any better, I realize, but.........

            • 3. Re: Accounts Created On EPO Server Question

              Any EPO admin can always do a recovery on a machine - you don't need a user account on the machine itself, and even if it's been deleted from EPO it can be decrypted....