A legitimate system admin will **NEVER** need your password.

The only reason he would ask for your password would be to use it without his own accounts being tracked and logged in the system.

If he did need to use your account, such as to verify permissions to a remote share or system, he could simply reset the password himself, log on using it, then inform the client they needed to reset their password. The problem with that is his resetting the password could be tracked in the system event logs.

Not a problem if you are doing legitimate business with the documentation to support what you’re doing, but a big deal if you are trying to hide what you’re doing.