Why don't you just fire the guy or tell him that the IT department and its
policies do not provide a friendly environment for engineers? Maybe he will
get good and pissed on his own and quit. End of problem.
Realize that if he has been hired as your database priest, ERP God, CRM
Guru......whatever his title is, he needs full access to do his job. If you
piss him off, he will go and write code for someone else. If your HR people
don't wanna mess with him, it should make perfect sense to you that they are
probably paying him a LOT of money to do his craft at your company. Put him
on his own network with his own servers for testing. He won't need to
install software on your production server boxes anymore. Give him full keys
to his kingdom and standard domain user permissions to yours. Realistic end
of problem.
----- Original Message -----
From: "Brad Lunsford" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 09, 2000 2:43 PM
Subject: Re: [OT] L0pht crack policy
> I'd also disable his ability to download ANYTHING from the internet, and
> disable the local floppy and CDROM so nothing can be installed without him
> using his network permissions - which should be tightened like a
> thumbscrew.
>
> ----- Original Message -----
> From: "Brian Steele" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, June 09, 2000 4:41 PM
> Subject: Re: [OT] L0pht crack policy
>
>
> > What surprises me is this doofus is still working for your company!
> >
> > Do the PCs remain under IS control? If so, personally I'd configure his
> > NT account so he can only log on at his PC - then retrieve his PC until an
> > explanation is forthcoming FROM HIS MANAGER about his practices.
> >
> > And how come he's able to log on to your servers to install software?
> > Aren't those locked away from such access? If not, shouldn't they be?
> >
> >
> > Brian Steele
> >
> >
> >
> > ----- Original Message -----
> > From: "Jesus Gonzalez" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, June 09, 2000 3:27 PM
> > Subject: [OT] L0pht crack policy
> >
> >
> > > Hi All,
> > > please excuse this message since it's a bit off topic, but I could use
> > > your expert opinions to give me some backup.
> > >
> > > There is a programmer in our company who seems to think that he is above
> > > all of our policies and procedures. Yes, he is a new guy but has endeared
> > > himself to his manager (as the Director of IT, I report to someone else
> > > entirely). He's continuously installing applications on his machine and
> > > the servers because he says he needs them, even though policy clearly
> > > states that only IT is allowed to install authorized applications on all
> > > workstations, and certainly the servers. He even changed the local admin
> > > password and refused to give it to us, and he's password protected his
> > > bios. That stunt earned him a fresh image and a CMOS clear and OUR
> > > password in the bios.
> > > So we finally had no choice but to lock his system down (a Win2K box)
> > > and not give him the local admin password so he can't install anything.
> > > Naturally we were well aware of programs like l0phtcrack and others to
> > > break the admin password, but never thought he'd resort to it. Sure
> > > enough, he's downloaded it, and while he's been out of town, he's yet to
> > > use it. He's also downloaded the Win2K high encryption pack; my guess is
> > > that he intends to crack and change the local admin password, then
> > > install the HE pack in hopes of preventing us from doing what he just did
> > > (can you say REimage).
> > > It's stupid, I know. And I can't believe I'm having this battle.
> > >
> > > I would like to know what policies people have in place for users who
> > > attempt to crack passwords using such tools? When I spoke to HR and spoke
> > > in general terms, the Director said she would fire anyone who did that.
> > > When I told her who it was, she backed off and said 'oh, that will be
> > > tough'. I guess I'm just looking for others who have dealt with this, or
> > > who have clear and tested policies in place so that I may have something
> > > to back me up when push comes to shove.
> > >
> > > Thanks in advance!
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]