Tweet
No Suck involved on the part of any human in this story.
[Glossary]
SecNet - Secure Network. Primary network used by The Client.
LowNet - Non-secure Network, has Internet access for most users at The Client.
[Background]
Rules at The Client state that we, the IT Service Desk, are NOT permitted to verbally give users the temporary passwords to any system we reset, except for SecNet. If we need to reset the password for LowNet, we send the user an encrypted email on SecNet containing the temporary password.
[Here's What Happened]
So it's around 6pm when User calls me. She'd logged into LowNet earlier in the day, but hadn't been on it for most of the afternoon, so her LowNet computer had idle-locked. User was getting ready to go home for the day and needed to unlock the computer so she could log out of LowNet-- but it would not accept her password. After several failed attempts to re-enter her password, her LowNet account locked. Problem 1.
I unlocked the account, but it still would not accept her password, so she needed it to get reset. No problem, I reset her LowNet password and, per the rules, sent her an encrypted email on SecNet-- fortunately, she was still logged in there-- and... it wasn't showing up in her inbox. Problem 2.
Oh, but wait, there it is. She just needed to manually refresh her mailbox. This sometimes happens, it's always just a temporary issue that goes away on its own. So she opens the email... but doesn't see the password. Instead she just gets some strange file that it asks if she wants to open or save, and if she wants to open it, to select the application. Problem 3.
I'm befuddled by this, but I have a suspicion I know what might be causing it. I ask for permission to remote into her SecNet computer to confirm my suspicions. She agrees, I do so, and yup, I was right. So I update her encryption certificates. These sometimes expire or 'go bad,' and updating them is a relatively simple process. So we're updating the certificates, and almost done when the system throws up an error. A relatively common error for this kind of thing, but still, that makes Problem 4.
So I go about the steps of updating an entry in her system to correct the certificate error, and complete the update process. Now User can see the temporary password I sent her in the encrypted email. I disconnect from remote assist, and she goes onto her LowNet computer try the temporary password-- and gets an error that says her password has expired, and to change it she'll need to log into another computer to do so. Problem 5. However, this is not an error that I have any ability to fix or override.
At this point, both User and I are exasperated that something so simple should run into so many complications, especially when all she wants to do is log off of LowNet to go home.
So, I tell User to go ahead and do a hard-shutdown on her LowNet computer. This will log her off of LowNet in the process. Then tomorrow, when she comes in, she can go ahead and use the temporary password I provided to log into a different LowNet computer to change her password. Since the temporary password is good until she changes it, this can wait until tomorrow.
So User does what I suggest and goes home, and I'm left shaking my head at all the hoops we had to jump through to fix one little problem. Sigh.
[Glossary]
SecNet - Secure Network. Primary network used by The Client.
LowNet - Non-secure Network, has Internet access for most users at The Client.
[Background]
Rules at The Client state that we, the IT Service Desk, are NOT permitted to verbally give users the temporary passwords to any system we reset, except for SecNet. If we need to reset the password for LowNet, we send the user an encrypted email on SecNet containing the temporary password.
[Here's What Happened]
So it's around 6pm when User calls me. She'd logged into LowNet earlier in the day, but hadn't been on it for most of the afternoon, so her LowNet computer had idle-locked. User was getting ready to go home for the day and needed to unlock the computer so she could log out of LowNet-- but it would not accept her password. After several failed attempts to re-enter her password, her LowNet account locked. Problem 1.
I unlocked the account, but it still would not accept her password, so she needed it to get reset. No problem, I reset her LowNet password and, per the rules, sent her an encrypted email on SecNet-- fortunately, she was still logged in there-- and... it wasn't showing up in her inbox. Problem 2.
Oh, but wait, there it is. She just needed to manually refresh her mailbox. This sometimes happens, it's always just a temporary issue that goes away on its own. So she opens the email... but doesn't see the password. Instead she just gets some strange file that it asks if she wants to open or save, and if she wants to open it, to select the application. Problem 3.
I'm befuddled by this, but I have a suspicion I know what might be causing it. I ask for permission to remote into her SecNet computer to confirm my suspicions. She agrees, I do so, and yup, I was right. So I update her encryption certificates. These sometimes expire or 'go bad,' and updating them is a relatively simple process. So we're updating the certificates, and almost done when the system throws up an error. A relatively common error for this kind of thing, but still, that makes Problem 4.
So I go about the steps of updating an entry in her system to correct the certificate error, and complete the update process. Now User can see the temporary password I sent her in the encrypted email. I disconnect from remote assist, and she goes onto her LowNet computer try the temporary password-- and gets an error that says her password has expired, and to change it she'll need to log into another computer to do so. Problem 5. However, this is not an error that I have any ability to fix or override.
At this point, both User and I are exasperated that something so simple should run into so many complications, especially when all she wants to do is log off of LowNet to go home.
So, I tell User to go ahead and do a hard-shutdown on her LowNet computer. This will log her off of LowNet in the process. Then tomorrow, when she comes in, she can go ahead and use the temporary password I provided to log into a different LowNet computer to change her password. Since the temporary password is good until she changes it, this can wait until tomorrow.
So User does what I suggest and goes home, and I'm left shaking my head at all the hoops we had to jump through to fix one little problem. Sigh.