Asking for Admin password

[Colmadero]

Little background:

I've been working in a MSP as tier 2 (sometimes tier 3) for almost a year and I handle about 85% of incoming requests/emails/calls with another Tier 2 handling the rest.

Here's what I'm asking you guys: Most of the times the problem can be fixed by logging into a server and fixing the issue with a generic, already generated admin password (Let's call it mspadmin) which has access to pretty much anything.

However, there are cases where the issue can only be fixed by logging into a native administrator password which is also standard across the board but that I'm not "supposed" to know. Mind you, EVERYBODY in the company knows the password, except me, including the other Tier 2 who doesn't handle much of the workload as I do due to inexperience. The only reason why this other Tier 2 has the password is because he has been with the company almost 10 years and he was there at its creation but it's not like he is aware of what it can possible do.

So I ask you... what would be the best way to handle this? Sometimes I get an issue which I need administrator rights to fix but I always have to either escalate the issue due to me not having the admin password or bug one of the owners/Tier 3 techs to log me in to the server to then proceed thus forcing me to rely on somebody else.
Thoughts?

[Jaelian]

I would speak to a manager and ask why you dont have the password but the other Tier 2 operator does, and that it is affecting your workload by not being able to have it as it results in you either escalating or having to bother someone else which will then affect their workload as you are having to use their time.

Why is it no one is supposed to know the native admin password? Clearly it is needed for you to be able to complete requests without having to escalate them to Tier 3 when it is not really needed to - and if everyone knows the password why has it not been reset?

[Deleted]

Speak to one of the tier 3's and escalte the problem to them as normal.
when they come down / Connect to log you on, simply ask them "any chance I can get the password, I know what to do when this problem arises again and it will save you wasting your time coming to fix it"

chances are if it is an open secret he will give it to you, if its not then he wont. Other than that there is really not a lot you can do.

[Colmadero]

Speak to one of the tier 3's and escalte the problem to them as normal.
when they come down / Connect to log you on, simply ask them "any chance I can get the password, I know what to do when this problem arises again and it will save you wasting your time coming to fix it"

chances are if it is an open secret he will give it to you, if its not then he wont. Other than that there is really not a lot you can do.

I already did this and they answered by saying "You're 'not' supposed to have it"

Mind you, I DO know the password but refrain from using it until I get a green-light to use it.

[The Kao]

I already did this and they answered by saying "You're 'not' supposed to have it"

Ask how you can change this. Go as high as necessary to get an answer. If that answer is "it's not going to happen" then you know you're running into a steel wall. Either suck it up or, you know, find some other business where they trust you.

[Colmadero]

Shameful bump. I'd like to know what you guys think.

[moremana]

More info needed here.

Has there been a mistrust issue with you in the past, i.e have you done something you weren't suppose to, to any degree, doesn't matter how minute it was?
Is there something in your background history that would warrant this?

etc..

You have only been there a year...maybe more time and trust is needed.

[Erous]

The way I read this and I may have read it wrong so bear with me, I would handle it by passing the issue that requires that specialized access to those that have it. Not your problem. You may feel like you're stepping up to the plate and taking on the additional workload, but in the end you're only taking the workload off of those that are responsible for it.

What this does is frees you up and allows you to focus on those issues that you're capable of solving. In time, as those specialized requests grow and the other team members either mess up, or become overwhelmed, hopefully by then your expertise and 'trust' with the business would not have gone unnoticed and you'll be roped in.

[Vermicious]

If 'everyone' knows the admin password, then it is basically useless as such, especially in case of a disgruntled employee.

Bring that up with your manager. If he brushes it aside, take it HR or his manager. Any executive worth his salary will realize the consequences here.

I find the best practice is for everyone to have a general user account, and admins to each have their own separate admin account with appropriate access.

The 'Super' Admin account should only be known by a select few.

Passwords should be changed on a regular basis, regardless of access level.

This is simple common sense, but that seems to be less than 'common'.

[FuRoRR]

Shameful bump. I'd like to know what you guys think.

I am working as a technician in a big facility where every room needs a certain level of security to enter.Me and my coleagues are separated in 3 Tiers as well me being in T2-having access to everything but a certain server managing the access zones.Depending on the workday i need to work with the access server 4-5 times.Having said that i am the only T2 that has the GO-ahead with using the server.
Your problem is either :
A-Trust issue you need to figure out.
B-Lack of communication AND your boss or manager not being informed of the tools you need to do your job.
If 85% of the requests are handeled by you and you need to use the password in a fair share of that 85% just go have a talk with your supervisor and sort it out...It hurts your and the company's workflow after all...Requests like that ,like machine failure in my job should be handeled and dealth with quickly so explain that you need to have that password to finish tasks fast and clean...That should do the trick
Hope i helped you!

[slime]

For now you do it as the rules say. If you aren't supposed to use that password you don't. Some companies don't take this very seriously and you know better than us how serious your company is about this kind of thing.

But, I would also let my supervisor know that things are being run inefficiently and explain your situation. Your supervisor will either come back and explain why it has to stay that way - or tell you your idea is great and heres the admin password (you already know anyhow ).

- - - Updated - - -

I already did this and they answered by saying "You're 'not' supposed to have it"

Mind you, I DO know the password but refrain from using it until I get a green-light to use it.

That is exactly how to handle it. Red tape sucks you know, but that's how large companies do it. The last thing you want is someone getting insulted because you went around the rules (even if you are doing it better).

[vampzalt]

least privilege ACL & private vLAN?
GG?