Re: securing windows 2003 server after someone has left the company

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: IntraServ, LLC (carlos_AT_intraserv_DOT_com)
Date: 01/10/05

• Next message: Andrew H: "Re: To skype or not to skype"
• Previous message: Dustin Trapani: "Re: Service Packs"
• In reply to: jimdav24: "securing windows 2003 server after someone has left the company"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 10 Jan 2005 12:02:53 -0500

You are going to have to take a multi-layer approach to this (well at
least I would).

1) Change all the Admin passwords (servers, routers, workstations, etc.)
2) Change the password on his/her his former account and disable it.
3) Audit the systems in step #1 to make sure that there are no other
admin accounts that the person can get access to. If there are and you
need the account then change the passwords. If the account is not really
needed then change the password and disable it.
4) Audit the systems again - make sure that there are no logging systems
that might be potentially relaying your password changes to the former
admin on a remote account, if you find any then start at step #1 again.
5) Change the users accounts on the domain to force a password change at
the next login. If he/she know any user passwords this will negate them
any other possible access.
6) Continually audit your systems - if you are an admin you should be
doing this on a regular basis anyways.

I am sure that I missed something so I hope that any other ideas are
passed along to you by other ppl on this group.

Carlos

jimdav24 wrote:
> Is there a comprehensive guide for locking down a server to prevent access to
> someone who has left the company?
>
> The current systems admin has left the company and I want to secure the
> environment such that this person cannot gain access.
>
> Thanks in advance for your help.

---

• Next message: Andrew H: "Re: To skype or not to skype"
• Previous message: Dustin Trapani: "Re: Service Packs"
• In reply to: jimdav24: "securing windows 2003 server after someone has left the company"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Forest to Child -- Permissions ... My account can login to all the DCs and has full administrator priv. ... first DC in the root. ... the member servers only ... never happen unless some admin has been mucking about. ... (microsoft.public.windows.server.dns) Re: Forest to Child -- Permissions ... My account can login to all the DCs and has full administrator priv. ... first DC in the root. ... the member servers only ... never happen unless some admin has been mucking about. ... (microsoft.public.windows.server.dns) Re: Incoming E-Mail - cant create contact in OU ... central admin pool different than the web app. ... that account a little (if the web app is compromised or something, ... So I started with giving the app pool account domain admins permissions then ... (microsoft.public.sharepoint.windowsservices) RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins t ... Flaw in Microsoft Domain Account Caching Allows ... Local Workstation Admins to Temporarily Escalate Privileges and Login as ... Cached Domain Admin Accounts ... administrator" is a "bigger" administrator than the local administrator. ... (Bugtraq) Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins t ... Flaw in Microsoft Domain Account Caching Allows ... Local Workstation Admins to Temporarily Escalate Privileges and Login as ... Cached Domain Admin Accounts ... administrator" is a "bigger" administrator than the local administrator. ... (Full-Disclosure)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2005-01