Re: securing windows 2003 server after someone has left the company

From: IntraServ, LLC (carlos_AT_intraserv_DOT_com)
Date: 01/10/05 

Date: Mon, 10 Jan 2005 12:02:53 -0500

You are going to have to take a multi-layer approach to this (well at
least I would).

1) Change all the Admin passwords (servers, routers, workstations, etc.)
2) Change the password on his/her his former account and disable it.
3) Audit the systems in step #1 to make sure that there are no other
admin accounts that the person can get access to. If there are and you
need the account then change the passwords. If the account is not really
needed then change the password and disable it.
4) Audit the systems again - make sure that there are no logging systems
that might be potentially relaying your password changes to the former
admin on a remote account, if you find any then start at step #1 again.
5) Change the users accounts on the domain to force a password change at
the next login. If he/she know any user passwords this will negate them
any other possible access.
6) Continually audit your systems - if you are an admin you should be
doing this on a regular basis anyways.

I am sure that I missed something so I hope that any other ideas are
passed along to you by other ppl on this group.

Carlos

jimdav24 wrote:
> Is there a comprehensive guide for locking down a server to prevent access to
> someone who has left the company?
>
> The current systems admin has left the company and I want to secure the
> environment such that this person cannot gain access.
>
> Thanks in advance for your help.

Relevant Pages

  • Re: Forest to Child -- Permissions
    ... My account can login to all the DCs and has full administrator priv. ... first DC in the root. ... the member servers only ... never happen unless some admin has been mucking about. ...
    (microsoft.public.windows.server.dns)
  • Re: Forest to Child -- Permissions
    ... My account can login to all the DCs and has full administrator priv. ... first DC in the root. ... the member servers only ... never happen unless some admin has been mucking about. ...
    (microsoft.public.windows.server.dns)
  • Re: Incoming E-Mail - cant create contact in OU
    ... central admin pool different than the web app. ... that account a little (if the web app is compromised or something, ... So I started with giving the app pool account domain admins permissions then ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Security Breach in AD! Help!
    ... > about 5 minutes the user was removed from the built in admin group. ... > changed the default domain policy, the default domain controller policy, ... >> auditing of account logon for success and failure and account management ... >> success and failure in Domain Controller Security Policy. ...
    (microsoft.public.win2000.security)
  • Re: cant verify disk
    ... She went to DU, and when she pressed "verify disk", it asked her user ... Disk Utility has required an administrator name and password for certain ... This is clearly a task which requires admin privileges, ... seriously mucked up with her user account settings in the NetInfo ...
    (comp.sys.mac.system)