General discussion

Locked

controlling a wannabe admin

By lbofh ·
Our company has 2 offices. I am responsible for the networks/desktops/phones/anything else with electrons company-wide.
At the remote office, I have a wannabe admin. The problem is, he does not know much about computers/networks/etc. He just thinks he does. He is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity. So, he is not authorized to do any administrative tasks, his responsibility is solely data entry.
He refuses to accept this and management refuses to fire him for the things he has done/attempted to do.
We just migrated to pure Windows 2000 on desktops and servers. I have locked things down so that only admins have privileges to install programs, etc and use a screensaver lock on all servers.
This guy still has not quit trying to mess with things! Has anyone else ever dealt with this? What did you do to combat it? How can I best create a paper trail to prove to the boss that he is violating our policies so he can be terminated?

This conversation is currently closed to new comments.

190 total posts (Page 3 of 19)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Absolutely

by MacAries In reply to "Remote" Administrators

The IT guy with the "company wide" don't mess with my network ego could could foster an ally and learn a little more about W2K with this guy in the remote office by using the active directory to set him up as a remote admin.

Collapse -

Documentation

by buschman_007 In reply to That's a switch from your ...

I agree with the sentiments that you need to lock the wannabe's account down as much as possible. You need to track everything you do and come up with contengency plans for anything he might be able to access and mess up. It's not like you're going out of your way as you should be doing this anyways as the admin. But I think documentation is the key.

I am the engineer at the HQ of my company and have to deal with an Admin in the India office. We are polite to each other and that's about all I can say about him personally. Professionally we bump heads all the time when those grey area's arise. One of the more bitter fights we got into was about fixing poor video conferencing settings over the routers. To make a long story short, we both consulted Cisco on our own and came up with our own code. It got into a nasty back and forth. Rather childish and stupid, so it's not like I don't understand where your frustration comes from. In the end my Boss suggested I just bite my lip and be the one to back off the argument first. I did and allowed him to use his code first. In the end he calmed he fixed it it, but he used my code with one minor syntax tweak. I used documentation to prove whose code fixed the problem. My boss understood, so even if that wannabe thinks he got the upper hand, my boss knows the truth and I have the documentation to keep my butt gainfully employed.

Like the others said, don't take it personally, but protect yourself from an intrusive user if management is unwilling to do something. If and when the fit hits the shan, then they can't touch you with a ten foot pole. You warned them, they ignored your warnings. You tried to stop him, but he persisted. You have a backup plan ready to go, but the inconvenience is their own fault for not listening to you in the first place and taking your advice more seriously. You end up saving the day and hanging him out to dry.

Not saying you should set a potential disaster up for him to fall in, but be ready for anything that might come your way. Your increased readiness will only make you a sharper admin.

Good Luck,
Mike

Collapse -

password

by wmijangos1 In reply to If he has stolen or acqui ...

hi,

we have a server nt 2000 and we forgot the password, how can i have access to the server to change the password?

thanks

Collapse -

recover local and domain passwords

by ahleychris In reply to password

Google NT Password Recovery Domain Contoler


There are about a millon sites showing you how to do it, takes about 90 seconds to do it with the "linux NT rape disk" and 3 minutes with 2K Recovery Console. You must do it localy.

Collapse -

by VinceLyons In reply to Roles are clear

It's obvious that the password was written down on a note by one of those authorized to use it and the note was found.

So, part of your problem is your administrator passwords are too long and cryptic to be kept in non-volatile brain.

Collapse -

Bathroom wall

by Oz_Media In reply to

That's my guess

"for a good hack, call "aDmIn@**1!!"

Collapse -

access lists

by csobott In reply to

Have you tried placing an access list restriction on any incoming ip or tcp traffic from his ip address on any server that you want him out of on your router? Placing your servers in a particular VLAN on your switches would also keep him out. If you can't get it done from the Microsoft prospective try it from the Cisco side.

Collapse -

may be not a leak?

by vectra-v6 In reply to

We dont know the level of skill this wannabe has but maybe he has not seen the admin password written down.
He works at the remote office, if he has unrestricted physical access to the system, knowledge of how use, and a copy of, NTFS DOS he could simply be extracting the SAM file and decrypting it off-site. Is he this smart?
Finding the source of his passwords is the key to starting to keep this hacker out.

Collapse -

Hardware password capture

by beardd In reply to

The password doesn't have to have been writen down. I caught a guy who had PHYSICAL access to his fellow employee's workstations - using a HARDWARE keylogger from http://www.keyghost.com!

Collapse -

What??????? What about LC4!

by viper777 In reply to

One of the departments I had serviced in the past had so much restriction, a legit programmer couldn't even install his products without making times and requests and having some there to allow installations of setup and runtimes as they wouldn't let him install things on his own. Worked in the same department but the IT administrator does have a big ego to contend with. He believed nothing could challenge his pride and joy, so keeping some things secret helped stop giving a feel of threat to him. If he invited me to demonstrate how easily it could be done on his system, he would freak and would refuse to acknowledge it.

If someone has "power" or "administrator priv" on their own computer, all you do is use LC4, a product that can read virtual passwords and find all accounts, and decode it to find out the Administrator's password within a short time - with the cable unplugged from the back, then later clear all logs just in case. I've used this on rogue users' computers who had changed the admin local password and so on - works well.

The piece of paper bit may have occured but one could have used a hardware logger - the unit can be plugged in between the keyboard and computer - the computer won't sense it and some models can take up to 1 million keystrokes or more. To retrieve it, you enter a unique password - one that noone else could ever type and the unit stream the keyboard capture data to wordpad etc and the computer believes it is coming from the keyboard itself. There isn't anything available to combat this let alone detect it! So why you are all saying this and that, if someone wants to get in and has a fair amount of info OR have one of these units, they will get in - like it or not. With the unit, I can carry away some bosses Confidential report if I had installed the unit before they come in, and take the unit home to my PC - all is revealed...

Back to IT Employment Forum
190 total posts (Page 3 of 19)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums