General discussion

Locked

Procedures when IT Manager is leaving

By Annajane ·
When the IT Manager is going to be let go, what are the important things to consider and the information needed? He is 90% of the IT department and very controlling. There are several servers and 40-50 users. He often worked from home. Several consultants are being brought in to help the remaining IT person and C Level management during the transition. We will all be meeting to develop a strategy before the IT Mgr. is notified.

This conversation is currently closed to new comments.

36 total posts (Page 2 of 4)   Prev   01 | 02 | 03 | 04   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

GIYF - How to Fire Your Network Administrator/ Manager

by secure_lockdown In reply to Procedures when IT Manage ...

http://www.nwfusion.com/cgi-bin/forum/gforum.cgi?post=1740;sb=post_latest_reply;so=ASC;forum_view=forum_view_collapsed;guest=577590

http://tinyurl.com/59k7w

<quote>
How to Fire Your Network Administrator/ Manager


By guest
Aug 2, 2004, 11:54

We know that a common question employers have is ?how do we find the right Network Administrator / Manager for our needs?? There is plenty of material on the web about that but what if your question is ?How do I properly terminate a Network Administrator or manager?? This is a question that many senior executives and I.T. personnel don?t know the answer to. That is because it is a very grueling and complicated task.

Many employers are in a rough predicament with regards to their most senior Network Administrator (s). They may have an I.T. manager who lacks the proper ethics and conduct that is required for their job or maybe they lack talent and are technically incompetent. Perhaps they just don?t give a damn or share the company?s vision. These are all reasons to consider an ousting.

A very common reason administrators and senior I.T. management get the axe is due to a violation of company policy and/or inappropriate financial spending. This brings many things to mind such as accounting audits, budget concerns, lost programs, and overall company losses. A worthless Network Administrator or manager can wreak havoc on a company?s future and besmirch its reputation to include it financial officers.

It is important to know that firing a Network Administrator/ manager is a very difficult and stressful task for the company. Doing so would require many measures to take place long prior to this ousting. I would recommend taking some time to complete all of these measures even if it takes several weeks or months. This is not an ousting that can be rushed. Anyone who has complete network security authority and knowledge must be handled differently than those who do not. Keep in mind that this employee may be disgruntled and has the ability (not that they would) to come in to the network from the comfort of there own home and ?accidentally? destroy all data and functionality of your network thus putting the whole company in jeopardy.

It is really sad to say it but there are many companies out there who put all there eggs in one basket. They entrust only one or two individuals with the whole enchilada. This puts the administrators in a position of complete power and authority?which sometimes leads to questionable ethical practices if you know what I mean. If this is the case with your company it may be more of a challenge to oust this individual (s) but not impossible.

A couple of years ago I had the most unfortunate task of assisting my CEO come up with a plan on how to oust our I.T. Manager without creating a disaster for the company. They already had what they needed to let him go but were intimidated by the fact that letting him go could mean reprisals. There is no perfect way to let a Network Administrator go but hopefully this will provide some insight on how to handle this risky employee termination.

Here is a list of things to do prior to firing a network administrator or manager.
Note:
[This is assuming that there are not several administrators with the same knowledge and the person getting fired has superior control and privileges over the whole network.]

1. Keep it a secret to everybody perhaps even HR if there is a possibility of there being a leak on their part.

2. Get a feel of all your I.T. personnel and evaluate what kind of relationship that they have with the ousting candidate. In the event that someone has to be called to side with the employer it would be nice to know where everyone stands. If there is an employee who has obvious professional disputes with this administrator then it may be wise to recruit them to the cause. This would be the only exception to no. (2).

3. Try to send the administrator on a vacation or long business trip.

4. Get an inventory of all the server equipment. Not for accountability necessarily but so when the time comes, you know what belongs to the company and what belongs to the administrator or associated vendors. One thing to note?anything with the companies data or is connected to the network can be considered property of the company since possession is 9/10ths of the law. A disputing administrator trying to claim ownership of hardware that the company is dependent on will not have as much leverage as the company has. Even still it would be wise to know what belongs to whom.

5. Hire a third party I.T consulting team to assist with all of the below. This team may have to virtually hack into the network and analyze it. It will pay off to go with the highest bidder on this one and choose seasoned experts in the field. This is not a security breach as long as an executive decision is made that is in the best interest of the company.

6. Try to obtain all IP (internet protocol) addresses of all servers, routers, print servers, and all statically assigned devises.

7. Obtain passwords to PDCs (Primary Domain Controllers). This may help with obtaining passwords to all other network devices since most people use a common User ID and password combination. This may be possible via a trusted employee who is in on the whole matter (very difficult), or a key logger can be used as long as a profile or account can be accessed on the server. A key logger can be installed on the server and it will revile what the administrator types to access the machine. You may not have much time to get all the information you need from this point because a network administrator may become aware of this activity. The third party investigative team may also have other solutions.

8. Obtain all third party vendor information and what access they have. Keep their contact info on the ready for when or if a firing occurs. They ?may? have to be fired as well, especially if they are related to the administrator, very close, or has other financial ties with the in-house administrator.


9. Meet with the hired third party investigative team and who ever else is on this trusted ?committee? if you will, and discuss how a ?hostile take over? of the network can occur. The soon-to-be-fired administrator (s) must not have access to the network physically, electronically, remotely, or even through contacts. This will have to be considered as part of this plan. Locks will have to be changed as well as a whole mountain of network configuration information.

10. Finally discuss how the firing will take place. The link to the article below may provide some input on this matter. How the individual will be approached, what will be said, who will say it are all too important. Make it quick when it happens and have a sturdy staff on hand. Be prepared for a few unexplained sudden problems that may have to be troubleshooted within days of the firing. They should not be significant enough to impact the company so long as all of the above steps are followed.


I am interested as to what others think about this subject. Has anyone gone through a similar situation?

Here is a link to another article that applies directly to this topic. I found it very interesting. If anyone has any more links that they can submit regarding this subject please post them.

Ron Jennings
Engineer
Lodi, CA

Other References:

http://research.lumeta.com/tal/papers/LISA1999/adverse.html

</quote>

once again, GIYF

SL

Collapse -

Great info but what about backups?

by dafe2 In reply to GIYF - How to Fire Your N ...

I guess I'd just add that a quiet system archive would be recommended no matter what the circumstances where.

I'd also make sure a complete backup was done for all systems. I'd also find a way to either do a backup of the persons station or better yet an image copy of his/her disk drive.

Collapse -

And

by Tony Hopkinson In reply to Great info but what about ...

I did start running through the steps I'd want to perform in such a hostile situation. I included back ups as well as the those things secure detailed pretty much anyway.

I also added physical security of the building keys, alarm passwords , things like local admin and bios passwords.

As we've all noted this situation is a nightmare, it would be like finding out the head of the CIA was a russian plant. Where do you stop.

For instance as well as contacts through vendors has his position put him in the know about future strategic business decisions. Has it made available the current state of the corporate finances where the information could be useful to the competition in exploiting a current weakness.

Imagine if you secured your entire IT effort successfully and then got taken over and he came back as the CEO.

Even if you don't have to resort to raving paranoia mode to deal with the situation, I can't see how you can get the basket off him without at least cracking some of the eggs. For instance what about the accounts job with a hard coded password that he runs annually because the system needs tweaking, that everyone but him forgot was there.

Some more thoughts from a raving paranoiac.

He works from home, is this on a company pc or does he do it on his own kit. Who owns the data on such a machine and can you legally have it removed, even if you do, has he got his own backup, how would you know ? Given he has this access if he isn't handcuffed in a locked cupboard when you start the procedure unplug every external access point before you begin.

You'd definitely have to look at backdoors, and any other forms of exploitable weakness in your security set up, because if anyone knows that a port is open, or that you are vulnerable to a particular sort of attack, it's him.

Do not forget any modems attached to pc's inside the firewall. Classic , no need to war dial, he knows the damn phone number. Course any sensible security system would have identified these as an extreme risk anyway.

Don't forget the pabx, password based access to services provided by third parties to the company and other things that are not thought of as part of your computer system.

Another exploitable weakness is if the password policy is currently lax and say Jim from accounts has problems remembering his, so they are all set to his wife's name, you can guarantee such a person will revert back to this security scheme if allowed.

Another point is, instead of the usual terminated due to mutual agreement stuff put round the upper echelon to explain this sort of thing. You've got to contact everyone and tell them he's a security risk, otherwise he could ring up one of your employees with whom he did and still has some trust and exploit it. This may cause some execs a problem as they don't generally like admitting to dropping spherical objects of any type.

People try not to think of this sort of thing, but is he aware of which cupboard a key person's skeleton is hidden. Business trip away from the wives in the seediest part of Thailand say.

Being english, I'd also want to know if he spent a lot of time cleaning his gun collection. We consider that sort of thing suspicious.

My largest concerns however are twofold

Is he a member of tech republic ? Or one of his friends.

Is this exercise is being viewed as a threat assessment, i.e. the capability of a potential enemy, or is he definitely an enemy. In the former case, pointing his desk lamp in his eyes and saying "Ve vant the passvords" is seriously going to irritate him.

All said and done in this situation, you don't ask yourself am I being paranoid, but am I being paranoid enough ?

On that basis, I'm sure those closer to the situation could come up with one or three more.

Can't help picturing some affable geek arriving at work on a monday morning to find he has no job, been blacklisted, his honour and professionalism smeared and when he gets home utterly shell shocked there's an unmarked van with tinted windows and an antenna parked near his house.

Probably make a good film. Jude Law in the starring role.

Collapse -

one guy is bad

by secure_lockdown In reply to And

thats why it's not good practive to have one guy do everything. if he leaves or if situation sours - you will have a headache.

Collapse -

I was a leaver myself

by Tony Hopkinson In reply to one guy is bad

The panic as the management team raised their heads out of the sand, when I annnounced my intention to leave at the earliest opportunity was something to see.
Having created the situation, both in terms of their vulnerability, and my desire to further my career elsewhere, guess who they blamed for it.

Apparently it was my fault for not stressing their vulnerability except in terms of increasing manning levels to reduce it.
That's what happens when you give people who can't think past the end of a financial period too much control.

Collapse -

by Jaqui In reply to I was a leaver myself

is that not when accountant are running a non accounting business?

worst mistake is to bean count manage a business, unless it is an accounting firm.

case in point, downsizing and outsourcing cause profits are down.

well no sh@t sherlock, your customers are on welfare cause you let them go to make more profits.

that's accounting managing. ;-]

Collapse -

OUCH!!!

by secure_lockdown In reply to I was a leaver myself

nasty turn there. sorry to hear about it.

I can totally see how that could happen and how the mangers can turn around and blame you for not letting them know about what could happen if you ever left.

But you know what - i don't think you are to blame at all. it's just them being a bunch of lame lusers and not wanting to take blame or responsibility for something they let happen and try to blame you, the guy leaving, for alll the problems. any person with ability to think can see that letting one person do all work and not getting involved.. ah whatever. i give up with manglers...

:-)

Collapse -

Well being fair

by Tony Hopkinson In reply to OUCH!!!

What I think really happened was they totally misjudged me. I'd been there 17 years (all my working life) when things started to go wrong, it was my home town, I had a young family. They thought inertia and fear would keep me there and my threats of leaving were a bluff to extort money from them.

Unfortunately no one cares how their orbs got in your vice, they just want them out.

As it turned out, they were wrong, but they did get their nuts back, off me anyway, my replacement's got them now. Sounds silly but they haven't misjudged him.

Still at least I learnt something, while I am the basket again all the eggs in it are mine.

Collapse -

RE: Procedures when IT Manager is leaving

by techrepublic In reply to Procedures when IT Manage ...

In your case (he is 90% of the IT department) a lot of knowledge is leaving with him. We @ myCMDB offer a technology planning/network equipment tracking utility which may help you significantly in this case.

Have him inventory and document your network infrastructure (We offer an online inventory agent which collects system information and installed software).

Then have him document the server and equipment designation/purpose (i.e. this is the email server, we need to reboot it every two weeks and have a daily backup on this machine). This will help your next IT manager and allows you to introduce a standard "audit" that next time at least your infrastructure is periodically updated and documented.

Collapse -

Documenting before acting ?

by EricN In reply to RE: Procedures when IT Ma ...

I remember a posting or document on TechRepublic that said something like "asking somebody to document precisely activities and ressources is a sure sign of being outsourced or fired"; your guy will surely feel the direction of the wind if you do that only now; this is the kind of procedure that must be done for all positions, for such a case (or any other like accidents or sudden deaths) from day one

Back to IT Employment Forum
36 total posts (Page 2 of 4)   Prev   01 | 02 | 03 | 04   Next

Related Discussions

Related Forums