A lot of that is specific to your organization.

#1 should be "disable all of user's accounts"

#2 is irrelevant if you do #1. Any disabled account cannot be logged into, regardless of whether the attacker knows the password. Same goes for #4 & #6. If everything uses AD for authentication it can be done in one fell swoop.

#3: Why? Walk over to the PC and shut it off/re-image/whatever.

Erickson, David wrote:
> On our checklist we have:
>
> 1. disable user’s AD acct
> 2. reset user’s password
> 3. disable network port.
>    a. We now have Cisco IP phones that sit in-line between the
>       computer and the network jack. If I disable the port, they would not be
>       able to use their phone. What do you do? Log them off their computers
>       instead?
> 4. Remove VPN access
> 5. Transfer phone to Front Desk Reception
> 6. Shut down email access

--
Phil Brutsche
[EMAIL PROTECTED]
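
The AD-side steps of the checklist discussed in this thread (disable the account, reset the password, remove VPN access), as an added PowerShell example that is not part of either poster's message. It assumes the ActiveDirectory module is installed and that VPN access is granted through a security group, here the hypothetical `VPN-Users`; the script name in the usage comment is also hypothetical.

```powershell
# Added example: checklist items 1, 2 and 4 for one departing user.
# Usage (hypothetical script name): .\Disable-Leaver.ps1 -SamAccountName jdoe -WhatIf
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$SamAccountName,
    [string]$VpnGroup = 'VPN-Users'   # assumption: VPN access is controlled by this group
)

$ErrorActionPreference = 'Stop'
$user = Get-ADUser -Identity $SamAccountName -Properties MemberOf

# Item 1: disable the account so no new logon can succeed.
Disable-ADAccount -Identity $user

# Item 2: reset the password to a random value that nobody knows,
# so the old password is useless if the account is ever re-enabled.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPassword = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword

# Item 4: remove VPN access, only if the user is actually a member.
$group = Get-ADGroup -Identity $VpnGroup
if ($user.MemberOf -contains $group.DistinguishedName) {
    Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
}

# Read the account back and report its state for the offboarding record.
$after = Get-ADUser -Identity $user -Properties MemberOf, whenChanged
[pscustomobject]@{
    Account      = $after.SamAccountName
    Enabled      = $after.Enabled
    StillInVpn   = $after.MemberOf -contains $group.DistinguishedName
    LastModified = $after.whenChanged
}
```

Items 3 and 5 (the network port and the phone) are outside AD and are not covered by this script.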
