General discussion

Locked

Terminating Employees

By sister-Inlaw ·
A network admin needs to be terminated from a position. She is a brilliant person and I wouldn't put anything past her. She has been administering the domain and users on win2k and NT servers for a while. What steps do I need to take to ensure proper security is in place for right after termination, and disallowing any outside connections?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Terminating Employees

by Ann777 In reply to Terminating Employees

1) Disable her account.
2) Rename the Administrator account.
3) Change the password to the Administrator Account.
4) Go through the entire Administrator Group and make sure no unauthorized accounts are there (she may have created another account -- a ficticious person -- in order to have a back door into the network).
5) Go through the entire user database and make sure that everyone that is there that should be there -- that there are no ficitious persons.
6) You might recommendthat everyone change their passwords (especially if she tends to remember passwords) or you might want to force a password change across the network.

She cannot connect from outside unless she has a username and password of anyone in the organization that can. If you perform all 6 steps, then your network may be fine. But one other alternative exists... if she has an inside "friend."

Collapse -

Terminating Employees

by Ann777 In reply to Terminating Employees

"can one 'hide' any user accounts in win2k?"
Active Directory? No you cannot "hide" user accounts.

"OR is there a master 'tree level' account to log in as?"
You log in as yourself and with Administrator priv on the network, you can do anything with Active Directory.

"How can I check for existing vpn accounts/terminal services (they would need a user account correct?)"
Yes, if the user account is disabled or deleted, then they cannot log in. VPN is "private network" -- without an active login/password, they cannot get in. Same with TS.

Collapse -

Terminating Employees

by sister-Inlaw In reply to Terminating Employees

can one 'hide' any user accounts in win2k?. OR is there a master 'tree level' account to log in as? How can I check for existing vpn accounts/terminal services (they would need a user account correct?)

Collapse -

Terminating Employees

by BeerMonster In reply to Terminating Employees

Hi,
okay, there may well be more here than meets the eye - but as someone who was laid off a couple of times before I got smart and went to university the idea of someone 'needing' to be 'terminated' gets my goat. Isn't it strange that the 'Brilliant' techie is being shown the door, but the person asking the questions that any first year, helpdesk burger flipper wouldn't need to ask is (presumably) secure in their employment....

Collapse -

Terminating Employees

by sister-Inlaw In reply to Terminating Employees
Collapse -

Terminating Employees

by jcmcintyre In reply to Terminating Employees

INform the person of the termination, and give the admin respionsibilities to another employee immediately.

Make sure the new admin has the ability to disable / remove ALL user accounts the old admin might have. Remeber, we don't do everything bylogging in as admin

Make sure your new admin checks the system out completely for unauthorized accounts / connections. If you don't hire a new admin, get a reputable security professional to audit the system after the admin is let go.

If this person is as good as you say, they will be able to compromise without you realizing it.

Collapse -

Terminating Employees

by Bristar In reply to Terminating Employees

I agree with the first response. In addition to that, I would check around the bootable records on the servers just in case she might have planted any "time-bomb" viruses.

By the sounds of the situatiuon, I would suggest that if you were to terminate her -- especially in the position that she is in -- have somebody trusted watch her clean out her desk on the spot and not allow her to touch her computer once she has been told. Then immediately implement the above steps to secure your network. Keep watching your log file periodically for discrepancies.

Oh and ignore BeerMonster. Obviously he needs to get a life and realize that keeping a job requires more than education.

Collapse -

by tjc In reply to Terminating Employees

make it a long term process of removing the person. have the network admin work with a jr network admin until they learn the ins and outs (use the excuse of needing to expand the servers and anything else a manager from the world of Dilbert can think up) and then after the new person is ok with the running of the network remove the current admin from there job to a lesser position but call it with a name that sounds more important (for a while) and then once the jr is sure of everything is ok then remove the network admin and you are free and clear.

Collapse -

by tjc In reply to

also having them sign a confdentailly agreement and anythign else like "code of conduct" and even redo there parking passes and keys to the offices during all of this so everything seems normal.

Back to Security Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums