We disable the user account and move it to a specific OU. After 30 days we delete the user account.
- We have a script which checks daily and, if there is no AD account, will delete the user network drive, terminal server profile
- We have Exchange set to kill disconnected mailboxes after 30 days so email has 60 days grace

On the employee termination form there is a check box that managers can check if they want access to data.
- If they want data access our accounts team sets permissions and then sends them an email with instructions.
- they are also notified of the delete date, they can request an extension
- if they don't, it's gone.
- if necessary we can restore from backup. 5k+ employees, only happened once in the last few years

Steven Peck
http://www.blkmtn.org

On Wed, Aug 18, 2010 at 10:37 AM, Ziots, Edward <[email protected]> wrote:

> Isn't the property created on the company's computers by the employees
> during said work, the property of the company? Why is an employee that
> leaves entitled to any information whatsoever? Again HR policy will dictate
> what is truly personal, and what is business related, but could be a nice
> avenue for information disclosure… if you aren't careful.
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Network Engineer
> Lifespan Organization
> Email: [email protected]
> Cell: 401-639-3505
>
> From: Devin Meade [mailto:[email protected]]
> Sent: Wednesday, August 18, 2010 12:03 PM
> To: NT System Admin Issues
> Subject: Re: Old user data
>
> We just revamped this process. The user preps an exit folder. The user's
> supervisor makes a pass through it to cull any contract docs etc out. Then
> the IS dept head does the same. Then we burn a CD or DVD for the user.
>
> Before this is done, we make a separate image of their workstation, user
> folder and export the mailbox to PST. We attempt to capture an
> "undisturbed copy" of this data. This is burned to CD/DVD. This goes to HR
> and they follow their own data retention policies. IS maintains no long
> term archives of this data type.
>
> We keep their old workstation for no more than a week or two. It may have
> CAD templates and Lord-Knows-What-Else. We change the user's password and
> their dept head is supposed to log in as the user and poke around to see if
> they need anything. This is a subset of a Data Retention Policy, I'm sure I
> forgot something...
>
> Devin
>
> On Wed, Aug 18, 2010 at 10:48 AM, Andrew S. Baker <[email protected]> wrote:
>
> Definitely.
>
> Or give them a DVD.
>
> We don't allow them access to the former user's location for file storage,
> as that creates too many plausible deniability [1] scenarios.
>
> ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
> Exploiting Technology for Business Advantage...
>
> [1] Mix and match posting [2]
> [2] Inside joke
> [3] Even bigger inside joke
>
> On Wed, Aug 18, 2010 at 11:45 AM, Steven M. Caesare <[email protected]> wrote:
>
> Contact supervisor and offer to copy data to new location of their choice,
> often as a subdir to them.
>
> -sc
>
> From: David Lum [mailto:[email protected]]
> Sent: Wednesday, August 18, 2010 11:43 AM
> To: NT System Admin Issues
> Subject: Old user data
>
> How do you guys manage deleting data from employees that have left the
> company, what's your process?
>
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
