General discussion

Locked

controlling a wannabe admin

By lbofh ·
Our company has 2 offices. I am responsible for the networks/desktops/phones/anything else with electrons company-wide.
At the remote office, I have a wannabe admin. The problem is, he does not know much about computers/networks/etc. He just thinks he does. He is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity. So, he is not authorized to do any administrative tasks, his responsibility is solely data entry.
He refuses to accept this and management refuses to fire him for the things he has done/attempted to do.
We just migrated to pure Windows 2000 on desktops and servers. I have locked things down so that only admins have privileges to install programs, etc and use a screensaver lock on all servers.
This guy still has not quit trying to mess with things! Has anyone else ever dealt with this? What did you do to combat it? How can I best create a paper trail to prove to the boss that he is violating our policies so he can be terminated?

This conversation is currently closed to new comments.

190 total posts (Page 2 of 19)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Take it personal, use the situation to your advantage.

by PsiFiScout In reply to I think so too

Your self education is/IMHO should be, very personal. Use this guy and the situation as an educational resource. He is a wannabe, you are the admin, so be an admin! Security is part of the job, make it your responsibility to thwart this guy's intrusion. If he thrusts... you parry. Make it your business to ensure he can't penetrate your security. Taking care of the network is the admins duty, so take care of hte network. Keep on top of the situation and make it your responsibility to stay one step ahead of this internal hacker (hack?).

Collapse -

Good Idea for a Security Situation

by isrowley_03 In reply to Take it personal, use the ...

I am in favor of using this as a Security Situation. As the Admin, you and your department should publish a Security Proceedure that would include internal people from over-stepping their responsibilities. I did this last year, at a Company that had no proceedures at all. I wrote new guidelines and sent it to all upper management for approval, then anyone who went around the guidelines was immediately reprimanded. Using the current Global situation, these proceedures were quickly approved by management and once it is in place, anyone who breaks the rules will have to be addressed.

Collapse -

If he has stolen or acquired a password

by Oz_Media In reply to Roles are clear

He is breaching company security. Write out a letter explaining that an unauthorized user had accessed the network using a system administrators password and you are investigating the issue.

Firstly, change the password and disable the one he has used.

Secondly wait about a day and a half and follow up your original letter with an update that you have found the breached account being used after hours and have changed the administrator passowrds while tracking login attempts. This tracking shows you that 'user name' has been using an unauthorized passowrd to access the company network after hours. If he has changed or screwed anything up, include what changes had been made and that this person is havnig an adverse effect on the company's data security and network integrity.

If your employer does not respond to hearing an unknown hacker is in the network, he may respond when you tell him it is an internal security breach. If not, give it about as much attention as the boss does, let the user have at it, just remember to include al the unneccesary fixes on your admin report so that they can see how much time is wasted cleaning up.

Personally, this sounds like more of a comfort zone issue where you feel someone is trying to step on your toes and it is making you feel insecure. Think hard about that one, it is hard to see, harder to realize your own faults and much harder to get over them unles syou realize them.

Collapse -

That's a switch from your first post

by lbofh In reply to If he has stolen or acqui ...

So, do you still think this is just about squashing a "wannabe"?
The password was changed and the account disabled immediately after discovery.

I will think about your advice to write notification letters. I've already suggested something similar to my boss.
However, I already know what my "employer" will think. Although my boss is understands and is furious, the big boss doesn't understand networks/computer security breaches or why it is an issue and may not ever. My boss might be able to get it across to him that we could lose clients if this continued and/or they knew about it, but even then, I don't know that he would do much. So that goes back to my second post about gathering more evidence before anything is taken seriously.
The only thing that would quickly get the attention of the big boss is if his ability to check email is impacted by my "wannabe". <grin>
He would probably also pay attention if systems are downed.

But at that point, isn't it too late?
Clients will complain, management will be angry about lost productivity and they will all want to know why it wasn't prevented. It may impact the bottom line, which is unacceptable. So, I have to disagree with letting someone "have at it" just because an upper manager doesn't understand why it is a problem. He didn't understand the need for the server UPS either, but that didn't mean I didn't push to protect my servers from power problems.

I will seriously consider if there is a comfort zone issue here too. Although I do enjoy reading it, I do not want to turn into the BOFH.
My first thought (besides the bottom line/client impact) is that I have recently spent a lot of long hours cleaning up the remote office's network, documenting, upgrading and securing things, etc, etc, etc.
So, I think if there is any comfort zone issue, it has to do with potentially watching hard work be obliterated. For example, documentation becomes obsolete fast enough without someone making unauthorized changes.
I think that the key is to take earlier advice and back off a little, tighten security/auditing further and watch the guy hang himself. If the situation points out security weaknesses and I learn something in the process then that will be even better.

Collapse -

The difference

by Oz_Media In reply to That's a switch from your ...

In my first post I was replying to your original posting about this wannabe net admin, stepping on toes (in a nutshell).

I still stand by my thoughts on THAT issue completely, I've seen it all too often as well as being on YOUR end and the other guys end of the issue.

All you can do is doscument any breaches, don't bother trying to be big brother or 'catching' him at something, just document breaches that MAY jeopardize security or custoemr records, data integrity etc. If you spend all your time cleaning up again and the boss asks what is going on, you can easily justilfy your work by showing him that it has been an issue for a while and you have informed him before. It is up to him at that point to take action, if not, he can pay you to keep your neyworl clean and up to date. Either way it's a paycheck right?

Collapse -

Group Policy Controls

by djuan.carter In reply to That's a switch from your ...

Since you are running a 2k network the easiest way to lock him out would be using your group policys. I would set a policy specifically for him. Since he probally is using his own computer I would setup his desktop and his permissions so that all he has access to is what is needed for his job. The upper management can't complain about it because you are not hindering what he does.

Collapse -

Why was GP not used previously?

by support In reply to Group Policy Controls

I am not sure I understand why the user's workstation was not locked down from the beginning. On my Win2k network, my users have access to the tasks they must perform daily and nothing else. How else can an Admin say they have true network security if the users can thwart security policies? As far as the Admin password being used - Why is there a situation where two people know the password to one username? It would be better practice to have two usernames with equal access rights and unique passwords. This way if there is a password breach, the user that password was assigned to should have to answer to why the password was used by someone else.

Collapse -

Problem with equivalent rights

by Oz_Media In reply to Why was GP not used previ ...

When assigning your rights (ESPECIALLY as ADMIN) it is a BAD practice to use the Wqual to: feature.

The worst is creating an "equal to:' admin account.

If th eadmin account is damaged and unrecoverable, you have no way of logging in unless the object is available. You will be shut out of your own domain. Someone told me a long time ago to ALWAYA create seperate folder access rights and NEVER use the equal to feature. I did it anyway. Then for some ODD reason my admin account was damaged one day and I couldn't access the server because I was equal to admin an there was no object to compare my own rights to. It took three solid days of copy and pastnig a gazillion files from one server to another to recreate the account without starting over.

So now I will also warn anyone who does this "
!!!NEVER!!!! USE 'EQUAL TO:' for assigning rights. It is a bad mistake and a very lazy one at that.

Collapse -

"Remote" Administrators

by Markinsac In reply to That's a switch from your ...

Here is a thought - give that office a "local" administrator password with some limited, although added, capabilities. Let the guy have his way with machines in that office (set it up so only machines in that office have that account), and track any complaints or problems outside the normal paths.

Good Luck!!

Collapse -

That won't work though

by Oz_Media In reply to "Remote" Administrators

The other guy is not supposed to be in IT, whether his boss knows it or not.

To offer him a way to legitimately screw up things and cause even minor problems is like 'authorizing' him to do so. It is not the admin's job to hand out passwords to users this way and would probably get you fired if the guy caused problems, not the other way around.

If HE screws up the systems, it is due to someone else failing to secure them or leaking passwords.
Not his fault but the fault of the admin.

Back to IT Employment Forum
190 total posts (Page 2 of 19)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums