When we setup new users, we set the password as expired, meaning the first time they sign on, they will have to assign a password known only to them. We have no assurance that this will actually be used by THAT person.

That is MY RULE, however, sometimes the manager of a new user ASKs for an exception, meaning the security officer sets up the new user with a password that is now known to IT, the new user, and the manager of the new user.

When someone forgets their password, we set them up again as if they were a new user, same sign-on, same expired scenario.

We also have turn-over where the signon for TOM is now being used by DICK who took over TOM's job, then later DICK leaves, and HARRY is using it. For this reason, I occasionally share list of sign-ons (along with date last used) with HR to find out if we have any of this kind of scenario where some folks ought to be assigned their old password.

Once upon a time, we had a bunch of people in same dept, using same sign-on, where our software license was based on # of users, and that dept (e.g. shipping / receiving) was one work station, several floating users. Fortunately I have managed to wean managers off of this concept, except for the work stations that are signed on all the time for general factory worker inquiry.

look at the default for password on
CRTUSRPRF.  We get some who says "we gotta have a signon for ...".  Then
they never actually sign on and change their password.

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page