Friday, November 16, 2007

When someone asks if you are a god. . .

I received a call from a user today who was having problem after problem with her passwords. The short explanation after half an hour of troubleshooting is that she is part of a pilot program that has Call Center employees working from home with a special version of remote access running. This somehow links ther logins in such a way that if their Windows and Remote Access password do not match, then the login will fail. Here problems had been that she would have a problem with her Windows password, the Help Desk would reset that but she'd call back a few minutes later with a Remote Access password issue. The Help Desk would reset that but then her Windows password wouldn't work.

As I said, I spent half an hour working out a procedure that ultimately involved the Help Desk setting her Windows password to what she told the Help Desk she wanted it to be and then having her synch up her Remote Access password.

She was overjoyed that her weeks of problems on and off had (at lest, we think so) had been solved by me. She had called previously and I had worked with her on an issue on the same day she had been working with the personal issues of a death in the family. She was so grateful then and was so grateful now that she called me "a Help Desk god."

If I played by the rules and never went over the recommended 7 minute talk time, these issues would never be solved. It is my independence and refusal to conform to arbitrary rules that allow me to solve real problems. And in this issue, there are three:

1) There are only about a dozen people in this pilot program so if they call the Help Desk do not make it known to the analyst that they are Call Center Remote Access users, their password reset will fail because the analyst will assume they need the same sort of passwords that the thousands of other users need.

2) The analysts need to be informed of this procedure. If they don't do it correctly, the reset will fail.

3) Support needs to get on the ball and fix the application. This procedure has the inherently insecure procedure of the Help Desk knowing what password the user has chosen. While we really don't care and probably couldn't do anything with it anyway, it is still a security issue that must be resolved.

No comments: