[27599] in resnet
Re: Handling of passwords for personal equipment brought in for service
daemon@ATHENA.MIT.EDU (Chris Webster)
Mon Apr 30 14:52:24 2012
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=047d7b10c861a341f504bee9e527
Message-ID: <CAL_ebD=2-je=nVRV-8yGvLQeREtAg=TRs-i4LC7WF9MsMmxHmA@mail.gmail.com>
Date: Mon, 30 Apr 2012 14:47:55 -0400
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Chris Webster <chris.webster@ncsu.edu>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <OFBC448928.64DDED9E-ON852579ED.00712AF9-852579F0.005807B6@fordham.edu>
--047d7b10c861a341f504bee9e527
Content-Type: text/plain; charset=ISO-8859-1
We only repair student-owned machines (aka personal machines). These range
from having no password at all, to having user passwords in the OS, to BIOS
or hard drive passwords. We've encountered a couple of people who use the
password for their campus account on their local machine, but we only
discover that if their password hint is something obvious like "same as
NCSU password."
When we're working with the customer present (on issues resolved in 30
minutes or less), we just ask them to type it in when we hit a password
prompt. If they leave it with us for service, the only passwords we ask for
are BIOS/hard drive passwords that prevent the machine from booting. If we
realize that one of those passwords are on the system before the customer
leaves, we just ask them to remove it. If we discover it after the fact, we
give them a call and ask them to either give it to us or come in and remove
it. If they give it to us, usually we just remove it because it's easier to
do that than to have to type it in every single time (and keep track of
where it's written down, etc.).
Any OS passwords we simply clear with bootable utilities. We use the Offline
NT Password <http://home.eunet.no/pnordahl/ntpasswd/> disk for Windows, the
OS X install media for Mac, and we don't touch Linux, Unix, or BSD
machines, but I know there are tools you can use to reset those passwords
as well. Once you get into the groove of the Windows reset disk, you can
easily clear a password in < 1 minute.
We haven't run into any major problems with this method in the 4 years
we've been open. The only issue is that depending on OS configuration, the
login screen may still come up even though the password is blanked, and
that has confused a couple of people. Easily resolved by telling the user
to leave it blank and press "Enter." Overall this process is much easier
and more secure than trying to keep track of passwords, since users tend to
re-use one password/variant for everything.
I should also add that before we do any work on these systems without the
student present, we make a full disk image with Ghost. So if a reset causes
some problem with the OS or the data, we can always restore it back to the
state it was in when they left it with us.
-Chris
On Mon, Apr 30, 2012 at 12:01 PM, Cesar A Nau <nau@fordham.edu> wrote:
> Good afternoon all,
>
> I wanted to get some opinions as to how your respective service centers go
> about handling passwords for personal equipment that are brought in for
> service.
>
> The typical scenario here is that when a customer has a problem with their
> computer, they bring it to one of our IT Customer Care Centers and if the
> computer is required to stay for an extended period of time ... we ask the
> customer for their password in order to access / install / un-install apps
> on their computer as necessary.
>
> When the computer is repaired and returned, we advise the student to
> please reset their password to something that only they would know.
>
> Our IT Security group does not agree with this method, as they would like
> for the customer to never give anyone their password.
>
> I completely understand from a security standpoint ... but for repair
> purposes, and taking into consideration the time it will take to repair,
> having to ask the customer to come back in order to enter their password
> each time, and overall customer satisfaction ... I just don't think its
> possible.
>
> Therefore I would like to know how you guys handle it at your schools.
>
> - Do you guys require that they provide you with their password for
> repair?
> - Do you guys require that the customer return and enter User name and
> Password each time?
> - Do you guys require that the customer change their password when
> leaving their computer?
>
>
> Any feedback would be appreciated.
>
> Thanks.
>
> ============================
> Cesar A. Nau
> Assistant Director
> IT Customer Care
> Fordham University
> (718) 817-4598
> nau@fordham.edu
> www.fordham.edu/HelpIT
> ============================___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html___________________________________________________
>
--
Chris Webster
Senior Technician
OIT Walk-in Center
North Carolina State University
Ph: 919.513.2676
Fax: 919.513.2945
Email: chris.webster@ncsu.edu
Web: http://go.ncsu.edu/wic/
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--047d7b10c861a341f504bee9e527
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
We only repair student-owned machines (aka personal machines). These range =
from having no password at all, to having user passwords in the OS, to BIOS=
or hard drive passwords. We've encountered a couple of people who use =
the password for their campus account on their local machine, but we only d=
iscover that if their password hint is something obvious like "same as=
NCSU password."<div>
<br></div><div>When we're working with the customer present (on issues =
resolved in 30 minutes or less), we just ask them to type it in when we hit=
a password prompt. If they leave it with us for service, the only password=
s we ask for are BIOS/hard drive passwords that prevent the machine from bo=
oting. If we realize that one of those passwords are on the system before t=
he customer leaves, we just ask them to remove it. If we discover it after =
the fact, we give them a call and ask them to either give it to us or come =
in and remove it. If they give it to us, usually we just remove it because =
it's easier to do that than to have to type it in every single time (an=
d keep track of where it's written down, etc.).</div>
<div><br></div><div>Any OS passwords we simply clear with bootable utilitie=
s. We use the=A0<a href=3D"http://home.eunet.no/pnordahl/ntpasswd/">Offline=
NT Password</a>=A0disk for Windows, the OS X install media for Mac, and we=
don't touch Linux, Unix, or BSD machines, but=A0I know there are tools=
you can use to reset those passwords as well. Once you get into the groove=
of the Windows reset disk, you can easily clear a password in < 1 minut=
e.</div>
<div><br></div><div>We haven't run into any major problems with this me=
thod in the 4 years we've been open. The only issue is that depending o=
n OS configuration, the login screen may still come up even though the pass=
word is blanked, and that has confused a couple of people. Easily resolved =
by telling the user to leave it blank and press "Enter." Overall =
this process is much easier and more secure than trying to keep track of pa=
sswords, since users tend to re-use one password/variant for everything.</d=
iv>
<div><br></div><div>I should also add that before we do any work on these s=
ystems without the student present, we make a full disk image with Ghost. S=
o if a reset causes some problem with the OS or the data, we can always res=
tore it back to the state it was in when they left it with us.=A0</div>
<div><br></div><div>-Chris<br><br><div class=3D"gmail_quote">On Mon, Apr 30=
, 2012 at 12:01 PM, Cesar A Nau <span dir=3D"ltr"><<a href=3D"mailto:nau=
@fordham.edu" target=3D"_blank">nau@fordham.edu</a>></span> wrote:<br><b=
lockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px =
#ccc solid;padding-left:1ex">
<font face=3D"sans-serif">Good afternoon all,</font>
<br>
<br><font face=3D"sans-serif">I wanted to get some opinions as to
how your respective service centers go about handling passwords for persona=
l
equipment that are brought in for service. </font>
<br>
<br><font face=3D"sans-serif">The typical scenario here is that when
a customer has a problem with their computer, they bring it to one of our
IT Customer Care Centers and if the computer is required to stay for an
extended period of time ... we ask the customer for their password in order
to access / install / un-install apps on their computer as necessary.</font=
>
<br>
<br><font face=3D"sans-serif">When the computer is repaired and returned,
we advise the student to please reset their password to something that
only they would know.</font>
<br>
<br><font face=3D"sans-serif">Our IT Security group does not agree
with this method, as they would like for the customer to never give anyone
their password.</font>
<br>
<br><font face=3D"sans-serif">I completely understand from a security
standpoint ... but for repair purposes, and taking into consideration the
time it will take to repair, having to ask the customer to come back in
order to enter their password each time, and overall customer satisfaction
... I just don't think its possible.</font>
<br>
<br><font face=3D"sans-serif">Therefore I would like to know how you
guys handle it at your schools.</font>
<br>
<ul>
<li><font face=3D"sans-serif">Do you guys require that they provide
you with their password for repair?</font>
</li><li><font face=3D"sans-serif">Do you guys require that the customer
return and enter User name and Password each time?</font>
</li><li><font face=3D"sans-serif">Do you guys require that the customer
change their password when leaving their computer?</font></li></ul>
<br><font face=3D"sans-serif">Any feedback would be appreciated.</font>
<br>
<br><font face=3D"sans-serif">Thanks.</font>
<br>
<br><font face=3D"sans-serif">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>
Cesar A. Nau<br>
Assistant Director<br>
IT Customer Care<br>
Fordham University<br>
<a href=3D"tel:%28718%29%20817-4598" value=3D"+17188174598" target=3D"_blan=
k">(718) 817-4598</a><br>
<a href=3D"mailto:nau@fordham.edu" target=3D"_blank">nau@fordham.edu</a><br=
>
</font><a href=3D"http://www.fordham.edu/HelpIT" target=3D"_blank"><font fa=
ce=3D"sans-serif">www.fordham.edu/HelpIT</font></a><font face=3D"sans-serif=
"><br>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D</font>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_=
blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
</p></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>Chris We=
bster<br>Senior Technician<br>OIT Walk-in Center<br>North Carolina State Un=
iversity<br><br>Ph: 919.513.2676<br>Fax: 919.513.2945<br>Email: <a href=3D"=
mailto:chris.webster@ncsu.edu" target=3D"_blank">chris.webster@ncsu.edu</a>=
<br>
Web: <a href=3D"http://go.ncsu.edu/wic/" target=3D"_blank">http://go.ncsu.e=
du/wic/</a><br>
</div>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--047d7b10c861a341f504bee9e527--
