General discussion

Locked

controlling a wannabe admin

By lbofh ·
Our company has 2 offices. I am responsible for the networks/desktops/phones/anything else with electrons company-wide.
At the remote office, I have a wannabe admin. The problem is, he does not know much about computers/networks/etc. He just thinks he does. He is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity. So, he is not authorized to do any administrative tasks, his responsibility is solely data entry.
He refuses to accept this and management refuses to fire him for the things he has done/attempted to do.
We just migrated to pure Windows 2000 on desktops and servers. I have locked things down so that only admins have privileges to install programs, etc and use a screensaver lock on all servers.
This guy still has not quit trying to mess with things! Has anyone else ever dealt with this? What did you do to combat it? How can I best create a paper trail to prove to the boss that he is violating our policies so he can be terminated?

This conversation is currently closed to new comments.

190 total posts (Page 4 of 19)   Prev   02 | 03 | 04 | 05 | 06   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

IT vs staff

by warpindy In reply to Roles are clear

From you last replay you stated that this guy got a hold of your closly guarded admin password. That I would say is a big volation of procdures and put your company at risk for on so many differnt levels. My question is it documented in logs that this person at this remote workstation used the password and logged? If have this then go back to your boss and state to them that he has voliated sever and workstation security. Stress to your boss that if a problem should arise that the IT dept would take more hit than the person you the password leaked out to.

Good look.

Collapse -

Do some recon on his system

by rpatton In reply to Roles are clear

This wannabe may know more than you think. The admin password may have been found through a key logger or an old program called Lopht Crack. I suggest a group policy and restricting what this user can and cannot access. You could lock him down to a point where he couldnt even access his own CD-rom or floppy drives. A lot could be said in the name of security when this user cries foul about his access limitations. Documentation is good to keep on record if this user trys to go over your head with complaints. Stay firm on your grounds for limited access for the sake of keeping your network and systems safe.

Collapse -

A breach of security is serious....

by ISGirl In reply to Do some recon on his syst ...

An internal breach of security is serious - even if your boss's boss doesn't think so.

Personally, I wouldn't even name names. I would simply announce to those that I'm accountable that there has been an internal security breach and begin to tighten up security. This might mean that I disable the Administrator account and use my user name with Admin privileges only. If there is one other person who has Administrative privileges, you can safely suspect that they are the source of the password. I would give them a separate user name and password stressing that it is for their use only and turn on logging for all user logins so I can the activity on that account.

Now, your "wanna-be" doesn't have access...but if he is able to break back in using one of your two user names with Admin privileges, you have more information as to how he's getting the password.

If my backup Admin was giving away their password, I would force frequent changes and reduce his privileges drastically. If he isn't giving it away, his workstation may have been compromised and you should look closely for key loggers and other tools that might be the give away.

Last, lock down your "wanna-be" to the nth degree. Flex your muscle a little and show him that you are the Admin. He can't complain that you've taken away privileges he isn't supposed to have.

Just keep saying that there was "an internal breach of security" that concerns you deeply and ask your users for patience and understanding as you expire passwords more often and require more complex passwords, etc. Security is very serious and you would be remiss to let this issue pass.

The point is that you should be tightening security accross the board and not appear to be picking on him. Other users may be budding "wanna-bes" too and you should nip that in the bud.

Collapse -

Political Problem not Technical

by jimmac454SS In reply to Roles are clear

Your problem is a political/managment problem and cannot be solved through technology. You must make it clear to the senior level management that you support employees developing their skills, etc. but there has to be limits that will not affect the operation of the business. A reference to the effect of a disaster upon stock prices and the subsequent involvement of auditors in your boss's boss's operation will allow him to take action.

Collapse -

hacking admin passwords very POSSIBLE!!

by zekeallmon In reply to Roles are clear

Hello, i wont go too far into this, as you probably know way more than I do. I am only a PC tech at a mom and pop pc repair company. I on ly have my A+, and net + certs.

However, i do have a copy of a piece of software that allows a user to boot to CD, and run a program that tells him the admin user names and passwords.

YOu may want to look into the possiblitly of that happening!!

I cannot remember the name of the program off the top of my head, but it does come in handy when a customer drops there computer off to us to fix, then have password protection on it. I can get into their computer w/out them even being bothered by a call from me. Also, its kind of cool to tell them, that i did that. If you need to know the name of the software, email me at zekeallmon@yahoo.com

Collapse -

hacking admin passwords very POSSIBLE!!

by zekeallmon In reply to Roles are clear

Hello, i wont go too far into this, as you probably know way more than I do. I am only a PC tech at a mom and pop pc repair company. I on ly have my A+, and net + certs.

However, i do have a copy of a piece of software that allows a user to boot to CD, and run a program that tells him the admin user names and passwords.

YOu may want to look into the possiblitly of that happening!!

I cannot remember the name of the program off the top of my head, but it does come in handy when a customer drops there computer off to us to fix, then have password protection on it. I can get into their computer w/out them even being bothered by a call from me. Also, its kind of cool to tell them, that i did that. If you need to know the name of the software, email me at zekeallmon@yahoo.com

Collapse -

Firm documented computer use policypolicy

by durand In reply to Published Roles?

What ever happened to the good old days of 1994 and prior when we had a very firm computer use policy? It seems the more technically advanced we become, our tolerance for this type of behavior rises. One large mistake of horse playing by a 'wanna be admin' is enough. The third mistake by this individual is the mistake of the management staff.

Collapse -

Your title is SOOOO negative!

by Oz_Media In reply to controlling a wannabe adm ...

First of all you have said a couple of really bad things for someone in your position, that tells me this has to do with YOU wanting control and having it shared (even if not by choice) is not giong well with you.

You say you want to "CONTROL" a net admin "WANNABE".

This speaks volumes in itself. First, I'd say sit down and realize it's not YOUR company, yuo don't have to CONTROL anybody and every net admin is a WANNABE to another netadmin.

Now this guy doesn't know what je's diong, did you when you first got your knees dirty or were you just as curious as to how things worked?
That WANNABE interest builds some of the best admins around, convince your boss to let you either train him or send him to school. I know many guys who thought they knew it all and caused nothing but problems, but then the users came to me to fix things and it was soon apparent exactly who knew what they were doing. After a while, they would never ask the other guy and would always call me first, knowing from my demonstarted ability that I could resolve their issue without creating further problems.

If I was you, I would take advantage of someone so eager to get into IT. Teach him the simple redundant crap you can't be bothered to do. Actually don't teach him, just send him info and ask him to do thingsm, he will soon be over his head and realize it, at that point he will either back off and let you do the work, or take an interest and come to you with questions.

It is quite a common issue in several offices I have worked with in the past as well as one of my existing customers.

So instead of trying to STOP him, encourage him, once he realizes that you want him to help you work and not just to play around, he'll either be scared off and bee TOO BUSY from no on or he will become a great help.

Do me a favour, come to Canada and try to take over my job duties, you're more than welcome to. If you screw up, my contracts pay me to clean up the mess so you're just feeding me while proving that I know best.

Collapse -

But it is justified

by lbofh In reply to Your title is SOOOO negat ...

You know, I think you are rather judgemental without knowing the facts.
We did initially try to have him help with some tasks. Problem was, he took advantage of his new privileges and started installing things he shouldn't and generally mucking with servers. (Another favorite thing to do was to randomly edit the registry on various workstations.) He was not willing to listen or learn and he was sure that he knew best in all situations.
After he screwed up yet another server, (which he wasn't supposed to touch anyway) he was told by my boss that his assistance was not wanted and asked to concentrate on his data entry duties.
I want you to know that I have a very soft spot for "wannabes" because that IS how I started out. I too, believe that the interest/desire to learn makes the best admins.
The difference with me was that I didn't ASSUME that I knew ANYTHING. I read the book/researched, tested and most importantly, DIDN'T SCREW UP PRODUCTION SYSTEMS! If I wasn't sure what I was doing, I ASKED. And also important is having the balls to admit when you've touched something and accidentally screwed it up.
That is NOT the case here. Believe me, I have plenty of jobs that I'd like to delegate. It would also be nice to have a set of eyes and ears in that remote office for troubleshooting purposes.
The reason I'm so negative about this guy is that it is ultimately MY responsibility (and my ***) when things get screwed up. It's my cell phone that rings 24/7 not his. I already live at the office and I don't have time to clean up messes that someone else makes.
If someone is willing to take responsibility and is open to being shown a better way then fine. But otherwise, leave my network the **** alone.

Collapse -

So lock him out.

by Oz_Media In reply to But it is justified

Create another user with the same rights (separately created not just equal to admin)and keep it to yourself. THIS is YOUR new private access password.

Setup the login scripts to restrict the admin logging in after hours, if he manages to get the new admin account info, he can't login after hours.

SHUT down access to the Windows registry on all remote machines, this should be yours only. There's a few programs that will block the registry, shortcuts, DOS prompt, Boot prompts etc., but I use Netware so you'd have to explore MS options if that's what you use.


Now to address your previous comment:
"You know, I think you are rather judgemental without knowing the facts."

You asked for input based on the facts you had provided. If you neglected to include pertinent information until a later posting, then it is not me who is to blame for my comments but yourself for not providing the whole story up front. What did you expect?

Try that in a courtroom and see if you can talk your way out of jail by saying "...but they didn't get the whole story before they passed judgement!"

Good luck with your pain in the butt, but remember EVERY company has one.

Back to IT Employment Forum
190 total posts (Page 4 of 19)   Prev   02 | 03 | 04 | 05 | 06   Next

Related Discussions

Related Forums