I just updated change control to check into BES enrollment status while going through the terminated user checklist.
On Thu, Feb 17, 2011 at 11:46 AM, Bill Humphries <[email protected]>wrote: > > +1 > > I just discovered that one of our guys did the same thing two weeks ago > when a director level user at a client got let go. user had access via BB > for a week and a half. > > Bill > > > Kurt Buff wrote: > > Indeed, you are correct. > > I just ran into this today. > > One of my minions was given the task of following through on the > termination of an employee last week, and he failed to take this into > account. > > I went to the BES (BPS actually, but that's close enough) and deleted > the user account in the BB system. We're allowing the termed employee > to keep the device, and it was considered a bit rude to disable the > phone while they're still considered technically on leave. > > I'll be reviewing termination procedures and the checklist with them > tomorrow... > > Kurt > > On Wed, Feb 16, 2011 at 14:09, Michael B. Smith <[email protected]> > <[email protected]> wrote: > > > Actually, because BESADMIN is the account using MAPI, not the end-user > account, I don’t think disabling MAPI is going to do a darn thing here. > > > > Removing Exchange attributes is the way to go. > > > > (Sorry, I didn’t think of that. I’m not a BES expert, I just play one on > TV.) > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > > From: Michael B. Smith [mailto:[email protected] <[email protected]>] > Sent: Wednesday, February 16, 2011 5:05 PM > To: NT System Admin Issues > Subject: RE: Disabled AD Accounts and BES > > > > BES uses MAPI, yes. But if you want to prevent ActiveSync and OWA access, > you also need to turn those off. > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > > From: Jonathan Link [mailto:[email protected] <[email protected]>] > Sent: Wednesday, February 16, 2011 5:01 PM > To: NT System Admin Issues > Subject: Re: Disabled AD Accounts and BES > > > > Moving forward, I would make wiping the device for terminated users an > SOP... And consider doing it now. > > > > On Wed, Feb 16, 2011 at 3:07 PM, Harry Singh <[email protected]> > <[email protected]> wrote: > > Ahh. Thanks Michael. > > > > I'll make sure the team updates their documentation to either remove > Exchange Attributes -- which I assume isn't too difficult to add back on in > the event the user returns -- or disable certain mailbox features. To > confirm, in regard to BES, if i disable the MAPI function, that should > suffice right? > > > > Harry. > > > > On Wed, Feb 16, 2011 at 2:56 PM, Michael B. Smith <[email protected]> > <[email protected]> > wrote: > > Disabling a user doesn’t stop its mailbox from receiving or sending email. > That is a specific required use-case in cross-forest scenarios. > > > > You need to disable their access via the mailbox features (MAPI and OWA and > EAS are the top-3) or remove Exchange attributes from the account. > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > > From: Harry Singh [mailto:[email protected] <[email protected]>] > Sent: Wednesday, February 16, 2011 2:50 PM > To: NT System Admin Issues > Subject: OT: Disabled AD Accounts and BES > > > > All - > > > > There is a suspicion that a recently terminated employe's credentials might > still be in use on the network. (Disclaimer: I don't handle user > termination/creation) Since the user had multiple computers, I thought it > may be possible that an outlook session and of course windows session > remained logged in while the account was disabled. But I confirmed that > wasn't the case. We confirmed that the user's BB was still in service on the > BES console. It turns out that the user may still have been accessing > corporate e-mail from the BB, my question then is: How is it possible that > by disabling an AD account (changed the p/w as well) can BES still operate > normally ? What are your procedures/steps for user terminations/exits? > > > > > > Environment:AD 2003 R2 / Exchange 2K10 / BES 5.0 > > > > Thanks, > > > > Harry. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click > here:http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click > here:http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click > here:http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click > here:http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click > here:http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click > here:http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
