Reset the wrong guys password

egrizzly

I work at our company helpdesk...had a ticket at work for an email issue and I mistakenly reset the wrong guys password. It was a branch managers password. I actually lost sleep thinking about what I should do. I'm wondering:

a) if I should text my manager about it, but then again that'll be admitting fault.
b) if I should call the guy directly...but he'll just get paranoid that we might be reading his email...then call and tell my boss (bad)
c) just let it be...if the guy cant login he'll call back to have the helpdesk reset his password.

I'm liking option "C" very well but something told me I better post this here to get some other opinions.

Mow

Always admit your mistakes. Hiding them will almost always bite you from behind. If you would be found out, there is a level of trust gone.

scaredoftests

It happens. Admit it and move on.

actionhank1786

Definitely don't recommend hiding it.

Sure, it may look bad, but it's an honest mistake. Covering up your mistake is just deliberate no matter how you look at it.

People would rather see that someone made an honest mistake, than made an effort to hide an honest mistake.

si20

When I was working in support, I did this a bunch of times. No one really cares. Just explain to your manager what you did and notify the relevant person by phone and just tell them you made a mistake because another member of staff has the same initials/surname and you'll be good. As long as it doesn't happen every day then it's not a problem. Crap happens.

636-555-3226

Not a big deal to me. Just email, call, or text the guy saying his account password was accidentally reset and to call the help desk once he gets in

dustervoice

Just admit it no big deal.. plus there is most likely and audit trail anyway. Ive done worse so bad i wont even mention it here.:D

Mike-Mike

you have a CCNP and are on the help desk?

markulous

I've managed a help desk and this isn't as uncommon as you'd think. Your boss and the user will likely be very understanding since it's a one time thing. Let your boss know then call the user. If the user doesn't answer leave him a voicemail letting him know to call in to the help desk as his password was accidentally reset.

Don't try to hide things. Admit to your mistakes and learn from them.

gespenstern

Resetting password is logged. As a security guy I'd be interested in what has happened to account that suddenly became inaccessible. I would pull all account operations from SIEM and would see that someone named 'domain\egrizzly' reset this account's password. Then I would find that it is a helpdesk guy who was on his shift at the time. Then I would pass this information to management who would pass it to HR because I don't deal with personnel related issues.

If you chose c your best bet would be to hope that your IS-Security is understaffed and nobody pays attention to logs.

gorebrush

Yeah, own up. I once *deleted* some accounts from a Windows NT4 domain, and because they were education users I were deleting that was no problem. The issue was of course I was deleting the same "named" accounts on the CORPORATE domain and I ended up having a security incident raised and having to explain what I was doing. I then lost my corporate domain privileges (which I should never have had on an NT4 domain) - I wasn't helpdesk or anything so it wasn't too bad.

That was 2004 anyways, things have moved on rather a lot since then

stlsmoore

Def. own up to it.

Not nearly as bad as me accidentally forwarding all calls for a clients main number to the clients CEO desk phone! Oh how I don't miss the days working at a MSP NOC.

Danielm7

I'm with gespenstern, I'd be tracking that down. Just admin you made a mistake and the guy makes a new password, no big deal. It's always 10x worse if you try to hide it and get caught.

CodeBlox

636-555-3226 wrote: »

Not a big deal to me. Just email, call, or text the guy saying his account password was accidentally reset and to call the help desk once he gets in

How can one email the user (assuming using a corporate email system) to advise him about the mistake if he won't be able to access associated email due to the password reset?

Simply admit your mistake and move on. The user will be understanding. It happens.

markulous

CodeBlox wrote: »

How can one email the user (assuming using a corporate email system) to advise him about the mistake if he won't be able to access associated email due to the password reset?

Simply admit your mistake and move on. The user will be understanding. It happens.

The password is cached for a bit, but that's a good observation. Best just to call them.

dustervoice

CodeBlox wrote: »

How can one email the user (assuming using a corporate email system) to advise him about the mistake if he won't be able to access associated email due to the password reset?

Well maybe the company is still using lotus notes which isnt sync to active directory and email is pushed out via MDM just saying...

philz1982

Wow, all I have to say is wow. If that is the worst you've done then don't worry. I once took down the entire HVAC system for a hospital. Clear wiped the database, imported an empty db instead of exporting. Oops , spent 3 days in northern Washington rebuilding it.

Own your mistakes, maybe write a script that evaluates names against the work order in the future. Mistakes are good, repeated mistakes are stupid.

dustervoice

philz1982 wrote: »

Wow, all I have to say is wow. If that is the worst you've done then don't worry. I once took down the entire HVAC system for a hospital.

This is a crime against humanity! deserving of 5 years minimum.

actionhank1786

philz1982 wrote: »

Wow, all I have to say is wow. If that is the worst you've done then don't worry. I once took down the entire HVAC system for a hospital. Clear wiped the database, imported an empty db instead of exporting. Oops , spent 3 days in northern Washington rebuilding it.

Own your mistakes, maybe write a script that evaluates names against the work order in the future. Mistakes are good, repeated mistakes are stupid.

Nice. I got curious about the RJ-45 port on the back of our UPS. I thought I could just plug it into the switch, find it's IP, and check the battery levels and things like that. Turns out...it's a proprietary cable, and it just reset the UPS as soon as I plugged the Cat5e into the switch. That in turn dropped our e-mail server, file server, and application server...dropping all 100 people using it. That was fun to explain as I walked out of the server room with a look on my face that said "****..."

Chinook

If you've lost sleep over it it's likely too late to admit it. But, do keep in mind in some shops all that is audited. If you reset the wrong password they may have a technical paper trail if they bother to check.

Philz1982 is right. Don't sweat it & we all make mistakes sometimes big one. You know, like that guy who loaded up the wrong text file & commenced a reboot of every server in the entire company (think 1000's). Nagios was shining brighter than Al Bundy's effing Christmas lights.

Blackout

Everyone makes mistakes, nobody is perfect. As long as you fix your mistake nobody cares. My old mentor told me that if you aren't breaking stuff your not a real engineer lol.

E Double U

"Just walk away'" - Lord Humungus

Robertf969

I once deleted what I thought was 10+ inactive user accounts and 10+ inactive workstations, and that was in the Military, I got my head bit off but thats par for the course in the Military it was an honest mistake that I owned up too.

blargoe

One time I got an email with a list of users who being terminated. I turned off one guy's access and remotely shut down all of his logon sessions and didn't notice that his termination date was the next day and not THAT day. That was a fun time.

Queue

I've done this many times usually not a big deal, however I've never done it with peoples AD account.

This Monday I accidentally forwarded the entire help desk to voicemail. There were so many voicemail's so fast and it took an hour to fix. Own up to your mistakes.

thronetm

Personally, I wouldn't bother admitting it or even thinking about it.

You reset it by mistake, no one is ever going to know.. just forget about it and the guy will call in to the helpdesk and a techie will give him a new password. No big deal

goldenlight

So that's why my password suddenly stops working..:D If the system you use leaves a paper trail for every account you access, then I would fess up.. As long as you dont do it everyday You should be ok.

NetworkNewb

I've done that once or twice. Accidently selected the wrong the name in AD while trying to be quick... No biggie. Just tell the person you did it to and pretty certain they won't care.

There should be a thread about the worst things people have done. I have been lucky and haven't done anything too terrible. Probably the worst I could think was when I was I had to reimage someone's computer. They had a TON of files on their desktop and documents folder. I was just manually backing up all of it to an external hard drive and instead of copying all the actual files over themselves to the hard drive. What I did was copied over shortcuts to the files. Didn't notice they weren't the actual files until I had reimaged the computer and was putting them back on. That person was not happy!

Sh*t happens

olaHalo

Send him a funny email about how he has to change his password back in order to get into his email.

Anonymouse

Honesty is the best policy. Own up to it.

egrizzly

...actually, to conclude the party I did shoot my manager a quick text. went like this " Heh Josh, I'm gonna be at that weekend move at 10:30am instead of 10a since I'm dropping my brother off at the airport."
line #2 "...oh, btw, before I forget. On ticket #200733 I'm pretty sure I wacked the AD password for the wrong guy. Jim Daniels or something....total accident, lol...just in case he calls in"