It was a relatively typical day in the IT department; my fellow admins and I were working on the network, ensuring everything was running smoothly. We had been receiving a high volume of requests from users, so I was glad to have help from some fellow admins on the helpdesk lines. I was especially delighted when a fellow domain admin told me they had shared their password with a user who was unable to connect their laptop to the network while working from home, so that the user could attempt to repair the issue without coming in to the office.
Their DOMAIN ADMIN password.
It was a genius move, I thought to myself, as I rolled my eyes. Now the user will have unrestricted access to the network, without the need for the IT department to get involved. Yay, fewer support calls! After all, who needs best practices in security when you have a user at home who can’t figure out how to get their laptop connected but suddenly has what amounts to root access?