At my job, I work with an administrative database. Recently, I have become the Exchange Administrator and have been helping with various network functions (as I used to be a Network Admin).
We have a student worker who has demonstrated time and time again that he can't be trusted with aproduction server. He loves to "tinker", and as a result will often cause problems and then simply leave the scene, since he has no ultimate responsibility (as he's "just a student").
Our division director has over the years given him total control and permissions over the network. Yesterday, we has our Global Catalog server crash, and we found that he was the last person to have logged on. In the interest of immediate security, I changed the domain admin password, and revoked this student's membership in the domain admins and administrator groups. The director is on vacation this week, and although he usually is called about everything, I felt that in this case it was the correct couse of action and would talk to him about it when he returned on Monday.
Well, once he heard about it (I did send an e-mail explaining very clearly what I had done and why), he made a special trip into the office to rip into me. He basically spent 45 minutes yelling about how I was completely out of line, didn't have the proper authority, should have called him, etc. Then he just got up and left. So now here I am afraid to touch anything more for fear of being whacked further.
Anyone ever been smacked down for trying to maintain the integrity of your security systems? While I can appreciate where he's coming from (he likes to be informed, etc.) it comes down to a matter of him liking this student and allowing him to do whatever he wants. He openly admitted to me that he understands the security risks, but he is willing to take them. I say you can't have it both ways. You either open up your system and accept the downtime/expense that is incurred, or lock it down.
Anyway that's my tale of woe for the morning. Here's hoping the afternoon is brighter.
We have a student worker who has demonstrated time and time again that he can't be trusted with aproduction server. He loves to "tinker", and as a result will often cause problems and then simply leave the scene, since he has no ultimate responsibility (as he's "just a student").
Our division director has over the years given him total control and permissions over the network. Yesterday, we has our Global Catalog server crash, and we found that he was the last person to have logged on. In the interest of immediate security, I changed the domain admin password, and revoked this student's membership in the domain admins and administrator groups. The director is on vacation this week, and although he usually is called about everything, I felt that in this case it was the correct couse of action and would talk to him about it when he returned on Monday.
Well, once he heard about it (I did send an e-mail explaining very clearly what I had done and why), he made a special trip into the office to rip into me. He basically spent 45 minutes yelling about how I was completely out of line, didn't have the proper authority, should have called him, etc. Then he just got up and left. So now here I am afraid to touch anything more for fear of being whacked further.
Anyone ever been smacked down for trying to maintain the integrity of your security systems? While I can appreciate where he's coming from (he likes to be informed, etc.) it comes down to a matter of him liking this student and allowing him to do whatever he wants. He openly admitted to me that he understands the security risks, but he is willing to take them. I say you can't have it both ways. You either open up your system and accept the downtime/expense that is incurred, or lock it down.
Anyway that's my tale of woe for the morning. Here's hoping the afternoon is brighter.
Facebook
Twitter