Disgruntled Incumbent Network Admin

Posted on 2004-11-09
Last Modified: 2013-12-07

I just accepted the position of LAN Manager for a small company. There is an "incumbent" in the position who, by the owners account, will not be happy with the addition/replacement. They asked me to come up with a DR recovery plan. They have a small network; one or two routers, two servers, a huge SQL database and 25 workstations but I have not physically seen or touched the network yet. They are worried about sabotage, Cisco configs disappearing, user files being deleted, password changes, network intrusion and database destruction. Has anyone come across this type of situation without seeing the network? I will probably start on Monday, November 15th, and they feel that he might walk and do major damage before he leaves. I've done some research on DR and have had some hands on experience with implementing a DRP, but not in a specific situation such as this.

Any input, technical or otherwise would be greatly appreciated.

Thank you.
Question by:blaja01
    LVL 4

    Accepted Solution

    OW, scarry.

    Not much I can say about this situation.

    Unless he actually threatens or does real damage, any action they take against him could be seen as harassment or worse.

    If he does do any damage and is halfway competant you may not find out for months. Or even be able to track it back to him.

    If he does real 'on the spot' damage you can get the law involved, but by then it is too late.

    He may not do anything.

    That said, possible preventions
    - get someone ELSE to to a full backup of everything they can and take if OFFSITE.
    - ask external agencies to confirm any dealings with a responsible person (management)
    - change any passwords that this person is not DIRECTLY required to know.
    note: any of this may make him really go bad if he finds out.
    - this is NOT legal in my country (yours?? maybe) BUT they could install keystroke logger on his computer to track his last days. At least you will know what was done. At least it could be done on the servers as they are not 'private' systems.

    I hope others here have some suggestions. I wish you best in your new job.
    (PS: I started a new job here 3 months ago under the same type of circumstances, but there were other IT staff to do most of the things I mentioned above, and we were lucky, the guy just didn't bother turning up most days, and when he did he did no work)

    LVL 3

    Expert Comment

    If the owners are this concerned, then they should let you examine the network prior to your official fist day.  Do this on the current admins day-off or even better after hours so anyone who is a friend won't let the change be known to the current admin.

    Then you can examine the network, make backup copies of configs, and make a list of what passwords/admin access would have to change.

    If the owners are letting the prior admin go, don't have them notify him until he walks in on Monday morning.  The owners should take him to their office before he has a chance to go to his that morning, then escort him through out the building until he has left the grounds.  Prior to that Monday morning, you should go through and change all passwords/access for the admin.  

    Basically, the owners make the personel change without the prior admins knowledge, then pay him severance or something to help cushion the sudden blow.


    Author Comment

    Thank you so much Bel/CBozeman for the quick and intelligent advice!!

    I will relay this to the owner and see what she wants to do. But this is a great starting point.

    Nothing like starting a job under "challenging" circumtances. Sure does make it interesting.  

    I may need some assistance in config/password recovery on the routers/servers but I will post this question when and if I need to.

    Thanks again!


    Featured Post

    NetScaler Deployment Guides and Resources

    Citrix NetScaler is certified to support many of the most commonly deployed enterprise applications. Deployment guides provide in-depth recommendations on configuring NetScaler to meet specific application requirements.

    Join & Write a Comment

    Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now