LOL Thanks Steve.  When you're documenting a procedure for a not-so-technical
manager, you want to make it idiot-proof.

On Tue, Mar 25, 2008 at 10:39 AM, Steve Ens <[EMAIL PROTECTED]> wrote:

> Nicely done Sherry!  I guess everything IS bigger in Texas, even the
> documentation.
>
>
> On Tue, Mar 25, 2008 at 10:32 AM, Sherry Abercrombie <[EMAIL PROTECTED]>
> wrote:
>
> > Documentation from our Data Center Admin Sharepoint site, it includes
> > screenshots of the specifics mentioned.
> >
> > Wednesday, December 20, 2006
> > 9:05 AM
> >
> > Procedures for Disabling User Accounts
> >
> > 1.    In the account properties, on the "Account" tab, place a check mark
> > in the "Account is Disabled" box.
> >
> > 2.    On the "Member Of" tab, look for any distribution groups and
> > remove them; this will remove the user from distribution lists.
> >
> > 3.    On the email address tab, uncheck the "Automatically update email
> > addresses….".  Click on the smtp address that is for
> > *@notprimarydomain.com and click on the "set as primary address", then
> > click on the [EMAIL PROTECTED] smtp address and remove it.
> >
> > 4.    On the "Exchange Advanced" tab mark the check box by "Hide from
> > Global Address List"
> >
> >
> > 5.    On the same tab, click on the mailbox rights tab and follow these
> > procedures taken from Microsoft KB 319047:
> >
> >
> > On the View menu in the Active Directory Users and Computers snap-in,
> > click Advanced Features.
> >
> > On the Exchange Advanced properties tab of the disabled user object that
> > owns the mailbox, click Mailbox Rights, and then search the list of accounts
> > for one that has the Associated External Account permission.
> >
> > If no account has this permission, grant the SELF Account, Associated
> > External Account, and Full Mailbox Access permissions.
> > Note The SELF account is available in all Microsoft Windows 2000
> > domains. All SELF accounts share a well-known SID that is the same across
> > all domains. If the SELF account is not already listed in the Permissions
> > dialog box, you can add it by typing SELF as the account name.
> >
> > If the SELF account or another account currently has Associated External
> > Account permissions, remove the Associated External Account permissions from
> > that account.
> > Only one account at a time can have the Associated External Account
> > permission. Therefore, to reset the permission, you must first remove this
> > permission.
> >
> > Exit all properties dialog boxes for the user object. To do this, click
> > OK at each level. Do not click Cancel.
> > Changes to permissions are not applied until you exit all properties
> > dialog boxes.
> >
> > After the DsAccess cache is refreshed, the new configurations take
> > effect. E-mail messages that are sent to the disabled account no longer
> > generate NDRs.
> >
> > Pasted from <http://support.microsoft.com/kb/319047/en-us>
> >
> > 6.    In ADUC, look for a folder named:  Microsoft Exchange System
> > Objects.  If it doesn't show up, make sure you have the advanced view
> > selected.
> >
> > In this folder you will find a distribution group called "NDRs".  Open
> > the properties for this group and go to E-mail addresses tab.  On this tab
> > click on the "New" button.
> >
> > On the new address window, double click on SMTP Address
> >
> > In this window type in the full smtp address of the account you just
> > disabled
> >
> > Click OK.  This will add the external email address to a distribution
> > list that goes nowhere, which will eliminate NDRs.
> >
> > 7.    Check for remote access accounts in VPN and Shiva and delete those
> > accounts.
> >
> > These procedures were written at a manager's request so that he could
> > disable accounts when it was requested of him, hence the very detailed step
> > by step procedures.  We very rarely have a manager request access to former
> > employees' files & email.  Sometimes that happens prior to termination and in
> > that event, the manager must have the chief officer over them give IT
> > approval to do that.  We do have in our company policy that is given to all
> > employees a statement to the fact that all data saved on company servers and
> > desktop computers is the property of the company and not subject to any kind
> > of privacy, including email.
> >
> >
> >
> >
> >
> > On Tue, Mar 25, 2008 at 9:52 AM, Terry Dickson <
> > [EMAIL PROTECTED]> wrote:
> >
> > > These can be highly Company specific.  When I know in advance I do a
> > > backup of the user's PC ASAP, and usually after hours.  We have had a
> > > few people that "knew" in advance and started deleting stuff.  I also
> > > either eliminate the account or disable it.  Our best practices "guide"
> > > calls for everyone in the department where employee worked to change PW.
> > > Since it is only a guide it is not always followed.
> > >
> > > Check all systems user has access to, especially web based ones to
> > > disable or change PW on.
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Roger Wright [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, March 25, 2008 9:35 AM
> > > To: NT System Admin Issues
> > > Subject: Termination Process
> > >
> > > Do any of you have a process you can share for IT responsibilities when
> > > employees are terminated?  I.E., disabling the account, archiving PST
> > > and Document files, removing account from DLs, etc.?
> > >
> > >
> > > Roger Wright
> > >
> > > Network Administrator
> > >
> > > 727.572.7076  x388
> > >
> > > ____
> > >
> > > The only problem with seeing too much is that it makes you insane.
> > > --Phaedrus
> > >
> > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
> > > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
> > >
> >
> >
> >
> > --
> > Sherry Abercrombie
> >
> > "Any sufficiently advanced technology is indistinguishable from magic."
> > Arthur C. Clarke
> >
> >
>


-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke
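
An added example, not part of the thread: a small offline audit that checks an exported account record against steps 1 to 4 and 6 of the quoted procedure (mailbox rights and VPN/Shiva accounts are not covered). It assumes the export uses the standard Active Directory/Exchange attribute names; the records, the user `jdoe` and the primary domain `example.com` are constructed.

```python
# Added example: audit a directory export against the quoted checklist.
# All records, names and example.com are constructed for illustration.
ACCOUNTDISABLE = 0x0002              # userAccountControl: account disabled
GROUP_SECURITY_ENABLED = 0x80000000  # groupType: unset on distribution groups


def smtp_addresses(entry):
    """Lower-cased SMTP addresses from proxyAddresses (primary is 'SMTP:')."""
    return [a[5:].lower() for a in entry.get("proxyAddresses", [])
            if a.lower().startswith("smtp:")]


def audit_disabled_account(user, groups, ndr_group, old_address, primary_domain):
    """Return the checklist steps that have not been completed."""
    findings = []
    if not user["userAccountControl"] & ACCOUNTDISABLE:
        findings.append("step 1: account is still enabled")
    dls = sorted(g for g in user.get("memberOf", [])
                 if not groups[g] & GROUP_SECURITY_ENABLED)
    if dls:
        findings.append("step 2: still in distribution groups: " + ", ".join(dls))
    if any(a.endswith("@" + primary_domain) for a in smtp_addresses(user)):
        findings.append("step 3: primary-domain address still on the account")
    if not user.get("msExchHideFromAddressLists", False):
        findings.append("step 4: not hidden from the Global Address List")
    if old_address.lower() not in smtp_addresses(ndr_group):
        findings.append("step 6: old address not on the NDRs group")
    return findings


# groupType values as AD stores them (signed 32-bit): constructed sample.
GROUPS = {"Domain Users": -2147483646, "All Staff": 2}
NDRS = {"proxyAddresses": ["smtp:jdoe@example.com"]}
DONE = {"userAccountControl": 514, "memberOf": ["Domain Users"],
        "proxyAddresses": ["SMTP:jdoe@notprimarydomain.com"],
        "msExchHideFromAddressLists": True}
MISSED = {"userAccountControl": 512, "memberOf": ["Domain Users", "All Staff"],
          "proxyAddresses": ["SMTP:jdoe@example.com",
                             "smtp:jdoe@notprimarydomain.com"]}

if __name__ == "__main__":
    for name, rec, ndr in (("done", DONE, NDRS), ("missed", MISSED, {})):
        print(name, audit_disabled_account(rec, GROUPS, ndr,
                                           "jdoe@example.com", "example.com"))
```
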
