Wednesday, March 28, 2012

System Administrator Password Reset Woes

So what do you do when a system administrator has left the company and no one knows the password for their system? You use the reset password link, of course :) Unfortunately, in our case the system admin had used their personal email account for the password reset feature. While this was against our SOP and security policies, the fact is it happens. Hopefully you’re applying message hygiene policies on your outbound mail.
I’m using Trend Micro’s InterScan Message Security Suite (IMSS). All applications sending mail must first go through my IMSS server. So I created a policy that looked for adminname(at)hotmail.com and redirected it to the new administrator using his internal company account. This sent the password reset link to the new admin. Crisis averted.
