IT Policy Question

[BDawg]

Wasn't sure there was somewhere better to post, so I decided to post here.

I'm currently writing an agency-wide IT policy. Everything I'm reading suggests that when terminations are made, the HR department should let the IT manager know whether the termination was voluntary or involuntary. Why does this information matter? Shouldn't all terminations be treated with the same alacrity?

 

[Aves]

I guess if the termination was involuntary then the person would possibly be more of a threat but if you do things correctly and promptly it shouldn't matter either way IMO.

 

[n0cmonkey]

Voluntary means that there should be less problems. But yeah, I think they should all be looked at and handled the same way.

 

[Homerboy]

we handle them the same... should not make any difference.
Obviously the HR person that wrote the policy thinks the involuntary would be more of a problem, but both should be delt with the same way <delete>

 

[BDawg]

Does everyone here delete user accounts after a termination? I've heard of some people who just disable accounts.

When I have involuntary terminations, I copy all of the user's personal files to a CD and place it in his personnel file...maybe I just answered my own question.

 

[TMPadmin]

I handle them the same but HR has a bit of a problem notifying me before they are terminated. I end up finding out a week or so later.

 

[Rogue]

I agree with everyone else, change all access codes/passwords/etc. regarless of the reason for departure. You never know down the road that they may not get their final paycheck, etc. and decide to take retribution.

 

[ITJunkie]

Originally posted by: Rogue
I agree with everyone else, change all access codes/passwords/etc. regarless of the reason for departure. You never know down the road that they may not get their final paycheck, etc. and decide to take retribution.

Yup...to me it doesn't matter either way. Prompt notification of termination regardless of why is all I need to know.

 

[Tsaico]

I created an OU called locked, you can call it whatever, but it pretty much has deny rights for all network resources. Then whenever I want, I can just add a person to this OU and they are effectively shut out of the network. This also allows me to disable them right away, regardless if they are logged in or not. Then when the dust settles, you can determine your best move.

As for your origional question, I think as for IT is concerned, they should be treated the same. Unless it is an IT only company, because if one of our own leaves voluntarily, they are less likely to try to attack the network and its data. Disgruntled IT people can be very dangerous to a company, that is why nearly all of us are escorted of property when we get laid off or fired.

 

[poopaskoopa]

We disabled the accounts.

 

[PELarson]

Originally posted by: Homerboy
we handle them the same... should not make any difference.
Obviously the HR person that wrote the policy thinks the involuntary would be more of a problem, but both should be delt with the same way <delete>

Agree with everything except the <delete>. I prefer disabling their account(s) .

 

[BDawg]

Originally posted by: PELarson

Originally posted by: Homerboy
we handle them the same... should not make any difference.
Obviously the HR person that wrote the policy thinks the involuntary would be more of a problem, but both should be delt with the same way <delete>

Agree with everything except the <delete>. I prefer disabling their account(s) .

The only thing that makes me want to delete them is by getting rid of the account, we're able to stay under our licensing cap for exchange av and spam blocking.

 

[Viper GTS]

Originally posted by: BDawg

Originally posted by: PELarson

Originally posted by: Homerboy
we handle them the same... should not make any difference.
Obviously the HR person that wrote the policy thinks the involuntary would be more of a problem, but both should be delt with the same way <delete>

Agree with everything except the <delete>. I prefer disabling their account(s) .

The only thing that makes me want to delete them is by getting rid of the account, we're able to stay under our licensing cap for exchange av and spam blocking.

Hide them from Exchange.

Viper GTS

 

[BDawg]

Originally posted by: Viper GTS

Originally posted by: BDawg

Originally posted by: PELarson

Originally posted by: Homerboy
we handle them the same... should not make any difference.
Obviously the HR person that wrote the policy thinks the involuntary would be more of a problem, but both should be delt with the same way <delete>

Agree with everything except the <delete>. I prefer disabling their account(s) .

The only thing that makes me want to delete them is by getting rid of the account, we're able to stay under our licensing cap for exchange av and spam blocking.

Hide them from Exchange.

Viper GTS

I'm not sure I follow. You mean delete the mailbox while leaving the account?

 

[BDawg]

Originally posted by: Tsaico
I created an OU called locked, you can call it whatever, but it pretty much has deny rights for all network resources. Then whenever I want, I can just add a person to this OU and they are effectively shut out of the network. This also allows me to disable them right away, regardless if they are logged in or not. Then when the dust settles, you can determine your best move.

In this OU, how do you force the rights? Do you just assign a gpo to it and force the policy when someone leaves?