4 Replies Latest reply on Mar 24, 2017 9:16 AM by ssb1979

    Unauthorized admin access

    ssb1979

      I have two technicians who are somehow granting themselves and one other technician admin access to our Web Help Desk. I have repeatedly removed their access, changed my administrator password, even renamed my admin account, but they managed to grant themselves access again this week. My supervisor and I are the only two who should have access to the admin account and neither of us is changing the permissions. While we deal with the personnel issue, can someone help me understand if there is another way they are obtaining the admin password? We are running version 12.5 and host it in house on a VM Windows server. The two techs do have admin access to the server so I suspect they are somehow modifying the database. I've tried looking for security logs and didn't find any.

      Any help would be great. I'm pretty new to WHD and am still getting up to speed.

        • Re: Unauthorized admin access
          kellytice

          If they are modifying the database and editing the Tech table, they could grant themselves access that way. You could likely change the password on the database.

          2 of 2 people found this helpful
          • Re: Unauthorized admin access
            richardf456

            You need to create a "Tech Permissions" group for your technicians and add them only to this group under the Web Help Desk settings. Then under "Other Permissions" un-check the "View Techs & Groups" permission. You'll want to carefully review the other permissions too. It sounds to me like they are able to see the Techs and Groups and are just going in and simply changing themselves from "Tech" to "Admin".

            As for the database & servers, you should secure that too.

            1 of 1 people found this helpful
            • Re: Unauthorized admin access
              cpacifico

              I agree with Richardf456. DEFINITELY secure the databases, and setting groups for permissions is much easier to manage moving forward.

              • Re: Unauthorized admin access
                ssb1979

                Thanks for the help everyone. I double checked my group permissions and was also able to change the database password as well. Unfortunately, changing the server password isn't an option (long story), but at least I've got WHD access tightened up.
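
Added example, not part of the original thread and not SolarWinds code: since the thread found no security log and suspects direct edits to the Tech table, one way to notice such edits is to compare the table against a known-good baseline. The `tech` schema, the `role` column, the account names and the in-memory SQLite database are hypothetical stand-ins; the real WHD table layout is not shown in the thread.

```python
import hashlib
import json
import sqlite3

# Hypothetical stand-in schema (assumption): the real WHD Tech table differs.
SCHEMA = "CREATE TABLE tech (id INTEGER PRIMARY KEY, login TEXT, role TEXT)"

def snapshot(conn):
    """Return {login: role} for every row in the tech table."""
    return dict(conn.execute("SELECT login, role FROM tech ORDER BY login"))

def fingerprint(snap):
    """Stable hash of a snapshot; keep it somewhere the server admins cannot edit."""
    return hashlib.sha256(json.dumps(snap, sort_keys=True).encode()).hexdigest()

def diff_roles(baseline, current, approved_admins):
    """Report role changes, new or removed accounts, and unapproved admins."""
    findings = []
    for login, role in sorted(current.items()):
        old = baseline.get(login)
        if old is None:
            findings.append(f"NEW account {login} ({role})")
        elif old != role:
            findings.append(f"ROLE CHANGE {login}: {old} -> {role}")
        if role == "admin" and login not in approved_admins:
            findings.append(f"UNAPPROVED ADMIN {login}")
    for login in sorted(set(baseline) - set(current)):
        findings.append(f"REMOVED account {login}")
    return findings

def demo():
    """Constructed data: two approved admins, two techs, then an out-of-band edit."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO tech (login, role) VALUES (?, ?)",
        [("manager", "admin"), ("supervisor", "admin"),
         ("tech1", "tech"), ("tech2", "tech")],
    )
    baseline = snapshot(conn)
    # Simulates a row changed directly in the database, bypassing the application.
    conn.execute("UPDATE tech SET role = 'admin' WHERE login = 'tech1'")
    return diff_roles(baseline, snapshot(conn), {"manager", "supervisor"})

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because the technicians in the thread hold admin rights on the server, the baseline and the comparison job would need to live on a host they do not control for the result to be trustworthy.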