Official password policies

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
Post Reply
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

Official password policies

#1

Post by rbeede »

The ward clerk has asked that I obtain a list of all the Windows accounts and their passwords on the ward computer. (The stake setup the computer with multiple accounts, all admin, for use. I know that isn't the norm but that is how the stake wanted it).

I saw on the wiki some official MLS information about each person having their own username and password that they don't share. We won't record the passwords in that case.

What about official policy on not writing down the Windows password? The idea is to print off the list and store it in the clerk's office locked in a cabinet. Is there any official policy about not doing this? References please.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#2

Post by aebrown »

rbeede wrote:The ward clerk has asked that I obtain a list of all the Windows accounts and their passwords on the ward computer. (The stake setup the computer with multiple accounts, all admin, for use. I know that isn't the norm but that is how the stake wanted it).

The stake controls the computer and thus the Windows accounts, and the ward doesn't really have any right to obtain all the Windows accounts and passwords. The ward clerk can ask, and if the STS chooses to share, I suppose he can, but he certainly doesn't have to. I am the STS in my stake, and I have an admin account on all the computers, and I personally would never share those account credentials with any ward clerk. The stake president has this information safely locked away (just in case I am for any reason unavailable and the passwords are needed).
rbeede wrote:I saw on the wiki some official MLS information about each person having their own username and password that they don't share. We won't record the passwords in that case.

That's correct regarding MLS passwords, as documented in the MLS users article.
rbeede wrote:What about official policy on not writing down the Windows password? The idea is to print off the list and store it in the clerk's office locked in a cabinet. Is there any official policy about not doing this? References please.

I don't know of a specific official policy on that topic, but standard security practices would certainly make one wary of storing a written password anywhere near the computer.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#3

Post by rbeede »

We really don't need the stake admin account information. He just wants all the logins for the local leaders (each organization has its own username). I'm guessing since there isn't any policy on having multiple accounts for Windows there isn't any official password policy for it either.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

#4

Post by aclawson »

What is the advantage of having multiple accounts? Since MLS required admin access to function properly anybody who used the machine would have full admin rights and could therefore get into any of the other accounts whenever they wanted?

Confidential files should be encrypted and protected with a password individually. If you want to make things more secure and convenient than that then a TrueCrypt (or similar) volume can be created that allows you to encrypt what is essentially a folder.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#5

Post by russellhltn »

aclawson wrote:What is the advantage of having multiple accounts?
In case someone does something dumb with the main account, there's a backup admin account for fixing it.
aclawson wrote:Confidential files should be encrypted and protected with a password individually.

According to policy, "The MLS database is stored on the computer’s hard drive. Other confidential files should not be stored on the hard drive. They should be saved on external media and locked in storage when not in use."

You can add encryption on top of that if you wish, but it's not required.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#6

Post by rbeede »

The other advantage is that non-confidential files like templates for documents and other things are separated for each user. That way the clerk's templates (like agenda forms) aren't cluttered in with the EQ or other users.
Post Reply

Return to “Clerk Computers”