
Rules for Sacking, Firing, Terminating, Replacing etc etc Administrators


  • Rules for Sacking, Firing, Terminating, Replacing etc etc Administrators

    There are many threads in this Forum about Admin passwords or Admin accounts being changed by the network Administrator and then only known to them. While the overwhelming majority of Administrators are honest, hard-working professionals, there are the small few who are willing to play havoc with a business that is not theirs. In light of this I have made a few simple rules for dealing with these hostile nonprofessionals and their removal.

    Please feel free to add any significant and/or realistic suggestions to this thread. Parts of this can also relate to having your only Administrator die and take the Administrator account details with them.

    1. ALWAYS make sure you have a Domain Administrator user account and password available to you BEFORE removing them.
    2. NEVER give them notice. Immediate dismissal is the only option (personal opinion only)
    3. Physically escort them from the premises
    4. NEVER let them touch ANY machine after they have been told of their termination.
    5. Change ALL Administrator passwords IMMEDIATELY.
    6. Look for any backdoor accounts they may have created and disable them. (I say disable because you may identify an account incorrectly and if something stops working it is easier to enable an account than create a new one for the service or application)
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

  • #2
    Re: Rules for Sacking, Firing, Terminating, Replacing etc etc Administrators

    So true.

    I'd do #6 first (at least the "look" part) PLUS make an alternate domain admin account as part of #1 just in case.

    #2/3/4 are always a must. If HR gives you lip, explain the downside and the risk THEY are placing on The Company. A check will be cut immediately to hand to the poor Sod as you escort him to the curb.

    #5 is sometimes tough as most sites aren't good at accomplishing this on a periodic basis let alone an immediate one. Making sure outside access is eliminated is the key. Often you have privileged service accounts out there w/ fixed passwords the admin will know so even if you change all domain admin passwords, there may still be a back door you can't easily close.

    #5 should be part of your disaster recovery planning and tested quarterly as terminating an admin can be a disaster.
    Cheers,

    Rick

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.



    • #3
      Re: Rules for Sacking, Firing, Terminating, Replacing etc etc Administrators

      Yeah, #5 is the tough one. That is why I never use the Admin account to run a service though a great many do. Can't figure why.
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2



      • #4
        Re: Rules for Sacking, Firing, Terminating, Replacing etc etc Administrators

        Our organisation has only one account per domain that is a generic domain admin account. All other accounts with these rights are personalised, and separate from "humble" accounts. The passwords to the generic admin accounts are kept very closely guarded... the only person with ready access to them (out of 28,000 other employees) is the Technical Architect who built the forest - and at his level (and being the only one with access) it's unlikely that he would try anything daft.

        Services are run with the minimum rights required by a specially created service account for each service; and except in ONE case (where a difficult app needs it) people NEVER EVER log in to these accounts. Auditing is enabled on the key areas to enable infringements to be quickly tracked down and disciplined.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you



        • #5
          Re: Rules for Sacking, Firing, Terminating, Replacing etc etc Administrators

          I just hope the Technical Architect has a hardcopy somewhere. Imagine the chaos if he were hit by a bus or had a heart attack.
          1 1 was a racehorse.
          2 2 was 1 2.
          1 1 1 1 race 1 day,
          2 2 1 1 2
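
The "look" part of rule 6 and the fixed-password service accounts raised in reply #2, as an added example that is not part of any post in this thread: a read-only inventory of privileged accounts and of services that log on with named accounts. It assumes the RSAT ActiveDirectory module and a working Domain Admin logon; the group list, `$LookbackDays` and the `svc-example` name are assumptions chosen for illustration.

```powershell
# Added example: read-only inventory to run BEFORE the dismissal meeting.
# Assumes the RSAT ActiveDirectory module and a working Domain Admin logon.
Import-Module ActiveDirectory

$LookbackDays = 180   # assumption: how far back "recently created" reaches
$since = (Get-Date).AddDays(-$LookbackDays)

# Built-in groups that grant broad control. Enterprise Admins and Schema
# Admins exist only in the forest root domain, hence SilentlyContinue.
$groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
          'Administrators', 'Account Operators', 'Server Operators',
          'Backup Operators'

# -Recursive expands nested groups, where an extra account is easy to miss.
$privileged = foreach ($g in $groups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user' |
        ForEach-Object {
            $u = Get-ADUser $_.SID -Properties whenCreated, PasswordLastSet,
                     PasswordNeverExpires, LastLogonDate, servicePrincipalName
            [pscustomobject]@{
                Group        = $g
                Account      = $u.SamAccountName
                Enabled      = $u.Enabled
                Created      = $u.whenCreated
                PasswordSet  = $u.PasswordLastSet
                NeverExpires = $u.PasswordNeverExpires
                LastLogon    = $u.LastLogonDate
                HasSPN       = @($u.servicePrincipalName).Count -gt 0
                RecentlyMade = $u.whenCreated -gt $since
            }
        }
}

# Services that log on with a named account instead of a built-in identity.
# Run on each server: these passwords are fixed and known to whoever set them.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -and
        $_.StartName -notmatch '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\)' } |
    Select-Object Name, StartName, State

$privileged | Sort-Object Account, Group | Format-Table -AutoSize
$services   | Format-Table -AutoSize

# Per rule 6, disable rather than delete anything unexplained, e.g.:
#   Disable-ADAccount -Identity 'svc-example'   # placeholder account name
```

Accounts that show `RecentlyMade` or `NeverExpires` as True, and every named account in the services list, are the ones to explain or rotate before the admin passwords in rule 5 are changed.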
