knowledge level = manhood higher = smaller On Tue, Mar 25, 2008 at 12:33 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> I was just kiddin, Shook. I've been on this list for years, and your > knowledge level has always been much higher than my own... > > Joe Heaton > > > ------------------------------ > *From:* Andy Shook [mailto:[EMAIL PROTECTED] > *Sent:* Tuesday, March 25, 2008 9:26 AM > > *To:* NT System Admin Issues > *Subject:* RE: Termination Process > > Now that just hurt my feelings. > > > > Shook > > http://www.linkedin.com/in/andyshook > ------------------------------ > > *From:* Joe Heaton [mailto:[EMAIL PROTECTED] > *Sent:* Tuesday, March 25, 2008 11:52 AM > *To:* NT System Admin Issues > *Subject:* RE: Termination Process > > > > HA! Has Shook tried to follow it yet? > > > > Joe Heaton > > > > > ------------------------------ > > *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED] > *Sent:* Tuesday, March 25, 2008 8:47 AM > *To:* NT System Admin Issues > *Subject:* Re: Termination Process > > LOL Thanks Steve. When you're documenting a procedure for a not so > technical manager, you want to make it idiot proof. > > On Tue, Mar 25, 2008 at 10:39 AM, Steve Ens <[EMAIL PROTECTED]> wrote: > > Nicely done Sherry! I guess everything IS bigger in Texas, even the > documentation. > > > > On Tue, Mar 25, 2008 at 10:32 AM, Sherry Abercrombie <[EMAIL PROTECTED]> > wrote: > > Documentation from our Data Center Admin Sharepoint site, it includes > screenshots of the specifics mentioned. > > Wednesday, December 20, 2006 > 9:05 AM > > Procedures for Disabling User Accounts > > 1. In the account properties, on the "Account Tab" place check mark in > the "Account is Disabled" box. > > 2. On the "Member Of" tab, look for any distribution groups and remove > them, this will remove user from distribution lists. > > 3. On the email address tab, uncheck the "Automatically update email > addresses….". Click on the smtp address that is for *@ > notprimarydomain.com and click on the "set as primary address", then click > on the [EMAIL PROTECTED] smtp address and remove it. > > 4. On the "Exchange Advanced" tab mark the check box by "Hide from > Global Address List" > > > 5. On the same tab, click on the mailbox rights tab and follow these > procedures taken from Microsoft KB 319047: > > > On the View menu in the Active Directory Users and Computers snap-in, > click Advanced Features. > > On the Exchange Advanced properties tab of the disabled user object that > owns the mailbox, click Mailbox Rights, and then search the list of accounts > for one that has the Associated External Account permission. > > If no account has this permission, grant the SELF Account, Associated > External Account, and Full Mailbox Access permissions. > Note The SELF account is available in all Microsoft Windows 2000 domains. > All SELF accounts share a well-known SID that is the same across all > domains. If the SELF account is not already listed in the Permissions dialog > box, you can add it by typing SELF as the account name. > > If the SELF account or another account currently has Associated External > Account permissions, remove the Associated External Account permissions from > that account. > Only one account at a time can have the Associated External Account > permission. Therefore, to reset the permission, you must first remove this > permission. > > Exit all properties dialog boxes for the user object. To do this, click OK > at each level. Do not click Cancel. > Changes to permissions are not applied until you exit all properties > dialog boxes. > > After the DsAccess cache is refreshed, the new configurations take effect. > E-mail messages that are sent to the disabled account no longer generate > NDRs. > > Pasted from <http://support.microsoft.com/kb/319047/en-us> > > 6. In ADUC, look for a folder named: Microsoft Exchange System > Objects. If it doesn't show up, make sure you have the advanced view > selected. > > In this folder you will find a distribution group called "NDRs". Open the > properties for this group and go to E-mail addresses tab. On this tab click > on the "New" button. > > On the new address window, double click on SMTP Address > > In this window type in the full smtp address of the account you just > disabled > > Click OK. This will add the external email address to a distribution list > that goes nowhere, which will eliminate NDRs. > > 7. Check for remote access accounts in VPN and Shiva and delete those > accounts. > > These procedures were written at a managers request so that he could > disable accounts when it was requested of him, hence the very detailed step > by step procedures. We very rarely have a manager request access to former > employees files & email. Sometimes that happens prior to termination and in > that event, the manager must have the chief officer over them give IT > approval to do that. We do have in our company policy that is given to all > employees a statement to the fact that all data saved on company servers and > desktop computers is the property of the company and not subject to any kind > of privacy, including email. > > > > > > On Tue, Mar 25, 2008 at 9:52 AM, Terry Dickson < > [EMAIL PROTECTED]> wrote: > > These can be highly Company specific. When I know in advance I do a > backup of the user's PC ASAP, and usually after hours. We have had a > few people that "knew" in advance and started deleting stuff. I also > either eliminate the account or disable it. Our best practices "guide" > calls for everyone in the department where employee worked to change PW. > Since it is only a guide it is not always followed. > > Check all systems user has access to, especially web based ones to > disable or change PW on. > > > > > -----Original Message----- > From: Roger Wright [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 25, 2008 9:35 AM > To: NT System Admin Issues > Subject: Termination Process > > Do any of you have a process you can share for IT responsibilities when > employees are terminated? I.E., disabling the account, archiving PST > and Document files, removing account from DLs, etc.? > > > Roger Wright > > Network Administrator > > 727.572.7076 x388 > > ____ > > The only problem with seeing too much is that it makes you insane. > --Phaedrus > > > > > Picture (Device Independent Bitmap) > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > -- ME2 ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
