Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Password of the day for SEP disable or uninstall

Created: 08 Mar 2012 • Updated: 13 Mar 2012 | 5 comments
ScottM 2's picture
0 Agree
2 Disagree
-2 2 Votes
Login to vote
Status: In Review

The SEP manager could, based on date as a criteria seeded with the encryption key from the site, offer up a limited use password for disable or uninstall. The idea is that the master uninstall password which is also used for stoping the SMC service may not be something you want to propogate, changing it publishes new policy to all clients in that group, also something you may not want to do frequently. In the SEPM in the details for the group would be 1 or two daily generated vaues which could be given to support personel with no concerns that down the road they will use these without authorization. The client would have this criteria when the package was built, so it could calculate this daily password as long as its clock is somewhat correct.

- Scott

Comments 5 CommentsJump to latest comment

Elisha's picture

What if we added a one-time password?  This would be a password that would be seen on the SEPM console for the support personnel to use for a specific client.  This password would only work once and only for that particular client.

+3
Login to vote
ScottM 2's picture

That could work, but would such a thing work in the case of a broken client that isn't talking to the site? If you needed to access 50 uncommunicative clients, would you need to provide the on-scene tech with 50 passwords to match with systems?

I like date salted with the encryption key from the site the package was built with. Really though this is an interesting idea but would only in the rarest situations come into play, maybe the more limited solution would be used more.

0
Login to vote
Elisha's picture

Yes, this would work in cases where the client is broken.

0
Login to vote
thatdude's picture

This is like a dynamic token. Safe boot/McAfee uses a code of the day to recover the encrypted disk and it's a PITA

0
Login to vote
David Da Fonseca's picture

The idea of a one-time password should be very useful for support !

0
Login to vote