[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252
  • Last Modified:

Disgruntled Incumbent Network Admin

Hello,

I just accepted the position of LAN Manager for a small company. There is an "incumbent" in the position who, by the owners account, will not be happy with the addition/replacement. They asked me to come up with a DR recovery plan. They have a small network; one or two routers, two servers, a huge SQL database and 25 workstations but I have not physically seen or touched the network yet. They are worried about sabotage, Cisco configs disappearing, user files being deleted, password changes, network intrusion and database destruction. Has anyone come across this type of situation without seeing the network? I will probably start on Monday, November 15th, and they feel that he might walk and do major damage before he leaves. I've done some research on DR and have had some hands on experience with implementing a DRP, but not in a specific situation such as this.

Any input, technical or otherwise would be greatly appreciated.

Thank you.
0
blaja01
Asked:
blaja01
1 Solution
 
BeldoranCommented:
OW, scarry.

Not much I can say about this situation.

Unless he actually threatens or does real damage, any action they take against him could be seen as harassment or worse.

If he does do any damage and is halfway competant you may not find out for months. Or even be able to track it back to him.

If he does real 'on the spot' damage you can get the law involved, but by then it is too late.

He may not do anything.

That said, possible preventions
- get someone ELSE to to a full backup of everything they can and take if OFFSITE.
- ask external agencies to confirm any dealings with a responsible person (management)
- change any passwords that this person is not DIRECTLY required to know.
note: any of this may make him really go bad if he finds out.
- this is NOT legal in my country (yours?? maybe) BUT they could install keystroke logger on his computer to track his last days. At least you will know what was done. At least it could be done on the servers as they are not 'private' systems.

I hope others here have some suggestions. I wish you best in your new job.
(PS: I started a new job here 3 months ago under the same type of circumstances, but there were other IT staff to do most of the things I mentioned above, and we were lucky, the guy just didn't bother turning up most days, and when he did he did no work)

Bel
0
 
CBozemanCommented:
If the owners are this concerned, then they should let you examine the network prior to your official fist day.  Do this on the current admins day-off or even better after hours so anyone who is a friend won't let the change be known to the current admin.

Then you can examine the network, make backup copies of configs, and make a list of what passwords/admin access would have to change.

If the owners are letting the prior admin go, don't have them notify him until he walks in on Monday morning.  The owners should take him to their office before he has a chance to go to his that morning, then escort him through out the building until he has left the grounds.  Prior to that Monday morning, you should go through and change all passwords/access for the admin.  

Basically, the owners make the personel change without the prior admins knowledge, then pay him severance or something to help cushion the sudden blow.

CBozeman
0
 
blaja01Author Commented:
Thank you so much Bel/CBozeman for the quick and intelligent advice!!

I will relay this to the owner and see what she wants to do. But this is a great starting point.

Nothing like starting a job under "challenging" circumtances. Sure does make it interesting.  

I may need some assistance in config/password recovery on the routers/servers but I will post this question when and if I need to.

Thanks again!

blaja01
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now