Policy for Resetting Passwords for Users



Policy for Resetting Passwords for UsersUsers should try to reset their own password whenever possible, using normal processes such as…the standard CTRL-ALT-DEL process in Windowsthe Change My Password script on the new domain's Y: Drivethe password reset link available on the webmail login page for the old domainWhen IT resets a password for a user, we need to make sure we are talking to the user themselves by seeing them in person or recognizing their voice on the phone.If the account has expired or been disabled, we need pre-approval from a supervisor in the department or their Technology Committee representativeVerbal approval from the supervisor is sufficient, after verifying the supervisor's identity (in person or by voice)No supervisor approval is required for regular, active users to have their own password resetWhen IT resets a password for someone other than the account holder, we need pre-approval from the appropriate authority.If the request for access is related to a person's departure from the organization, IT should work to disable account access instead.Temporary access to the account may be given to the department, with a set time limit of no more than 30 daysArrangements should be made within 30 days to disable the account, transfer files/messages to a supervisor, and handle new files/messagesIf a supervisor needs access to complete work while someone is out of the office, IT needs a written request from the supervisor (email is sufficient)A higher level supervisor, Department Director, or Technology Committee representative in the department is acceptableThe department representative should be asked to make plans to notify the user prior to or immediately after their returnIf the request is related to a personnel action, IT and the department representative should both notify HR and the IT Manager as soon as feasibleIf the request for access comes from HR, the Assistant City Manager, or City Manager, IT will proceed as with a department supervisor/representativeIT, HR, or CM office should notify the department as soon as feasible so they can complete any other necessary stepsAny requests from an elected official or law enforcement officer should be coordinated with the IT Manager or Assistant City Manager as soon as feasibleWhen working on a password issue for a user, IT should endeavor to not know or find out the user's current or new password.When resetting a user's password, IT may set the account with a temporary password so that the user must change to their own password on next login.If technical issues require setting a temporary password without having the system immediately require a reset, IT should instruct the user to change the password as soon as feasibleIT should remind the user to change their password on any devices using auto-logon procedures (such as smartphones and tablets) to minimize the chance of lockoutPlease let me know if there are any related questions/concerns that I can address for you.Thanks,Gus BushIT Manager, City of San Rafael ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download