Password of the day for SEP disable or uninstall
The SEP manager could, based on date as a criteria seeded with the encryption key from the site, offer up a limited use password for disable or uninstall. The idea is that the master uninstall password which is also used for stoping the SMC service may not be something you want to propogate, changing it publishes new policy to all clients in that group, also something you may not want to do frequently. In the SEPM in the details for the group would be 1 or two daily generated vaues which could be given to support personel with no concerns that down the road they will use these without authorization. The client would have this criteria when the package was built, so it could calculate this daily password as long as its clock is somewhat correct.
- Scott
Comments 5 Comments • Jump to latest comment
What if we added a one-time password? This would be a password that would be seen on the SEPM console for the support personnel to use for a specific client. This password would only work once and only for that particular client.
That could work, but would such a thing work in the case of a broken client that isn't talking to the site? If you needed to access 50 uncommunicative clients, would you need to provide the on-scene tech with 50 passwords to match with systems?
I like date salted with the encryption key from the site the package was built with. Really though this is an interesting idea but would only in the rarest situations come into play, maybe the more limited solution would be used more.
Yes, this would work in cases where the client is broken.
This is like a dynamic token. Safe boot/McAfee uses a code of the day to recover the encrypted disk and it's a PITA
The idea of a one-time password should be very useful for support !
Would you like to reply?
Login or Register to post your comment.