The first thing that we must accept is that there is no way to prevent him
from regaining administrative control of that system, there are many ways
around it.
The fact that he is installing software at will should allow you to get what
you need to end his actions. There are license issues that put the company
at a sever liability. Even downloading "Freeware" or "Shareware" doesn't
work as most denote that they are freeware or shareware for private use only
not commercial. Take it to the CEO or CFO, put some dollar figures in front
of them of what is costs if you ever get audited (1/2 to 2 full days of down
time per person) plus fines, plus purchasing licenses, plus the press
coverage.
Finally if you want to make it hard for him that will only make you out to
be the bad guy not him. Show where he is costing you money in support costs
and potential costs and you will win.
Jason P. Wilcox
Manager, Security Services
4C Solutions Inc
----- Original Message -----
From: "Jesus Gonzalez" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 09, 2000 2:27 PM
Subject: [OT] L0pht crack policy
> Hi All,
> please excuse this message since it's a bit off topic, but I could use
your
> expert opinions to give me some backup.
>
> There is a programmer in our company who seems to think that he is above
all
> of our policies and procedures. Yes, he is a new guy but has endeared
> himself to his manager (as the Director of IT, I report to someone else
> entirely). He's continusouly installing applications on his machine and
the
> servers because he says he needs them, even though policy clearly states
> that only IT is allowed to install authorized applications on all
> workstations, and certainly the servers. He even changed the local admin
> password and refused to give it to us, and he's password protected his
bios.
> That stunt earned him a fresh image and a CMOS clear and OUR password in
the
> bios.
> So we finally had no choice but to lock his system down (a Win2K box) and
> not give him the local admin password so he can't install anything.
> Naturally we were well aware of programs like l0phtcrack and others to
break
> the admin password, but never though he'd resort to it. Sure enough, he's
> downloaded it, and while he's been out of town, he's yet to use it. He's
> also downloaded the Win2K high encryption pack, my guess is that he
intends
> to crack and change the local admin password, then install the HE pack in
> hopes of preventing us from doing what he just did (can you say REimage).
> It's stupid, I know. And I can't believe I'm having this battle.
>
> I would like to know what policies people have in place for users who
> attempt to crack passwords using such tools? When I spoke to HR and spoke
> in general terms, the Director said she would fire anyone who did that.
> When I told her who it was, she backed off and said 'oh, that will be
> tough'. I guess I'm just looking for others who have dealt with this, or
> who have clear and tested policies in place so that I may have something
to
> back me up when push comes to shove.
>
> Thanks in advance!
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
