Disgruntled Incumbent Network Admin


I just accepted the position of LAN Manager for a small company. There is an "incumbent" in the position who, by the owners account, will not be happy with the addition/replacement. They asked me to come up with a DR recovery plan. They have a small network; one or two routers, two servers, a huge SQL database and 25 workstations but I have not physically seen or touched the network yet. They are worried about sabotage, Cisco configs disappearing, user files being deleted, password changes, network intrusion and database destruction. Has anyone come across this type of situation without seeing the network? I will probably start on Monday, November 15th, and they feel that he might walk and do major damage before he leaves. I've done some research on DR and have had some hands on experience with implementing a DRP, but not in a specific situation such as this.

Any input, technical or otherwise would be greatly appreciated.

Thank you.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

OW, scarry.

Not much I can say about this situation.

Unless he actually threatens or does real damage, any action they take against him could be seen as harassment or worse.

If he does do any damage and is halfway competant you may not find out for months. Or even be able to track it back to him.

If he does real 'on the spot' damage you can get the law involved, but by then it is too late.

He may not do anything.

That said, possible preventions
- get someone ELSE to to a full backup of everything they can and take if OFFSITE.
- ask external agencies to confirm any dealings with a responsible person (management)
- change any passwords that this person is not DIRECTLY required to know.
note: any of this may make him really go bad if he finds out.
- this is NOT legal in my country (yours?? maybe) BUT they could install keystroke logger on his computer to track his last days. At least you will know what was done. At least it could be done on the servers as they are not 'private' systems.

I hope others here have some suggestions. I wish you best in your new job.
(PS: I started a new job here 3 months ago under the same type of circumstances, but there were other IT staff to do most of the things I mentioned above, and we were lucky, the guy just didn't bother turning up most days, and when he did he did no work)


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
If the owners are this concerned, then they should let you examine the network prior to your official fist day.  Do this on the current admins day-off or even better after hours so anyone who is a friend won't let the change be known to the current admin.

Then you can examine the network, make backup copies of configs, and make a list of what passwords/admin access would have to change.

If the owners are letting the prior admin go, don't have them notify him until he walks in on Monday morning.  The owners should take him to their office before he has a chance to go to his that morning, then escort him through out the building until he has left the grounds.  Prior to that Monday morning, you should go through and change all passwords/access for the admin.  

Basically, the owners make the personel change without the prior admins knowledge, then pay him severance or something to help cushion the sudden blow.

blaja01Author Commented:
Thank you so much Bel/CBozeman for the quick and intelligent advice!!

I will relay this to the owner and see what she wants to do. But this is a great starting point.

Nothing like starting a job under "challenging" circumtances. Sure does make it interesting.  

I may need some assistance in config/password recovery on the routers/servers but I will post this question when and if I need to.

Thanks again!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.