That is MY RULE, however, sometimes the manager of a new user ASKs for an exception, meaning the security officer sets up the new user with a password that is now known to IT, the new user, and the manager of the new user.
When someone forgets their password, we set them up again as if they were a new user, same sign-on, same expired scenario.
We also have turn-over where the signon for TOM is now being used by DICK who took over TOM's job, then later DICK leaves, and HARRY is using it. For this reason, I occasionally share list of sign-ons (along with date last used) with HR to find out if we have any of this kind of scenario where some folks ought to be assigned their old password.
Once upon a time, we had a bunch of people in same dept, using same sign-on, where our software license was based on # of users, and that dept (e.g. shipping / receiving) was one work station, several floating users. Fortunately I have managed to wean managers off of this concept, except for the work stations that are signed on all the time for general factory worker inquiry.
look at the default for password on CRTUSRPRF. We get some who says "we gotta have a signon for ...". Then they never actually sign on and change their password.
This mailing list archive is Copyright 1997-2015 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact