Nathan, that was sound advice. Changing passwords is a critical portion of IT security. My survey experience has shown this does not occur; worse yet, they are written on "postem's" stuck to front or sides of the screen. One person competing for a Darwin award had a printed card marked "my passwords" taped to the top of the desk.
Enjoy the day,
Bill

You can have yoursystem set up to automaticaly require password changes after a predetermined period.
The FD I retired from had this set up.

Unfortunately, most of the hardware routers, gateways, etc do not have this ability, since "no one should have access to them." The issue, of course, is that the second you place a wireless router in your network, all external threats just became internal. Same for loose and active ethernet ports.

Many a penetration tester has simply walked into a conference room with a laptop and gotten into the ultra-secure LAN fron the inside. And if the company is using default passwords on the interior routers/gateways/firewalls, etc... Then he controls every one of them as Admin.

Every place I work, except one, has this policy.

The other ISSUES passwords and does not let the employee change them. Ever.

I was told it is so that IT has a record of my password and can log in to my account. I was under the impression that in an NT enviroment an Admin could see everything I did - am I wrong?

EMTjon, One of the stations was caught viewing **** by the "Geek Squad" and web priv was almost jerked for the whole department so I would say they could tap into the stream to/from the stations.

Yes, a Windows Administrator account can use Terminal Services or Remote Desktop to view what a client account on another PC is doing.

As far as the "Geek Squad," heh. Its trivial to catch someone viewing websites they're not supposed to. A 4th grader can pull up the cache of where you've been as well as Internet Explorer's history, and know every site you've went to.

That kind of silliness is generally smoke and mirrors, designed to justify spending 300 dollars to plug a 90 dollar Wireless Router in, set a unique password, and leave.

A real IT security department would of been e-mailed by the snort daemon the moment one of your PCs was watching ****, and had the firewall route your request for the website to an internal LAN webpage stating the policy and that breaches in policy are flagged for review.