Developer environment

Hello everyone.  I have a problem I think...

We have a new employee who has started with us and is very set in their ways.  

They are the new manager of the developer department for us.  I will from now on refer to this person as (DEV BOSS) and these developers that work under this person as (DEVELOPERS).  They all work with various versions of Visual Studio, SQL and SourceSafe among other things.  

A Developer decided they needed to leave the company and take another job elsewhere.  Per IT policy, we disable AD credentials, back up their My Documents folder and leave their account disabled.  When this DEVELOPER left and went to turn in their laptop, the DEV BOSS asked for their username and password for Windows.  This is obviously a big no-no.  I am militant in my enforcement of our password policies; there is no reason in a proper IT environment for user credentials to be shared as far as I am concerned.  Any company that takes security seriously affirms this.  

The employee correctly said, "No, I can't give you my password, see IT."  Which this individual did.  The DEV BOSS tried to make the case that they needed the former DEVELOPER's user password because the programmer had "set up a development environment" on the laptop and did not want to have to recreate it from scratch and lose all this person's work; the only way to avoid this is to continue using a username and password for an employee who has left the company.  This I won't budge on.  

I have to know, in companies much bigger than mine, when you have a developer work on their own laptop and set up an environment for testing (whatever that means) and that user leaves and the hardware gets reassigned, don't you format the laptop and start from scratch?  I need to make room for the new user's profile and am cool with just deleting the user-specific profile, not messing with any program files.  

I've given the new user the same rights on the machine and our network the old user had.

This should in theory leave whatever this user is talking about alone.  I realize this is a poor description of the problem I am having but that's because I don't use VS or anything these programmers use and am having difficulty grasping what the DEV BOSS is complaining about.  I fully disbelieve (especially after consulting with other IT companies as well on this) that #1 There is never ever a reason for someone to know someone else's password even after they leave. #2 Microsoft developer software really isn't as dumb as this DEV BOSS is letting on.  

I hate dealing with stuff like this, especially when someone who comes from a company that had way more relaxed policies than we do INSISTS that they must get their way and circumvent our policies.  

How do you all set up developer laptops?

Is this DEV BOSS full of it?  Or have I made some real deadly assumptions here?
Callandor Commented:
DEV BOSS screwed up - he should never have permitted anyone to set up a situation where the development environment can only run on one person's machine.  This is a classic violation of business continuity, and you should be able to bring in higher management to back you up on this.  If the company values their future, they should do it right and always make sure there is limited risk exposure to critical events, including people leaving.  Otherwise, they are promoting job security unintentionally.
Wikkard Commented:
Firstly I admire your desire to stick with the principles of good security, however I think in this case the DEV BOSS has a pretty good argument for getting access to this developer account.

There is nothing secret about a developer account, if the user has left the company then their entire profile, data, emails etc etc is company property and their successor should be granted access to it.  Just reset the password and give the DEV BOSS access.

I can tell you that it often takes about a week of downtime to correctly configure and install the entire software development stack, due to the complexity of the configuration required.

For example, I have IIS, SQL Server, Oracle, MySQL, Eclipse and lots of other really heavy tools on my machine. Many of these take a full day to install and configure correctly. We are toying with the idea of a developer standard operating environment (SOE), a base image we can use to short circuit the week of downtime if a developer PC needs to be rebuilt.

The user profile isn't that sensitive, nor is the account; if you are worried about revealing this ex-employee's password then reset it to something else.  Also, MS development tools use My Documents/Visual Studio [Version]/Projects/ as the default location for development projects. So deleting the user profile may have deleted the work.
LWDud (Author) Commented:
Ah, interesting.  Worst case perhaps I can restore the local My Documents folder which was redirected to a file server and backed up.  

My reason for standing my ground on the pw policy is that this particular developer used to be part of the IT department and as we grew the department had to be split up and this account SHOULD have been reconfigured on the spot with the right permissions no matter the cost, but as they were a trustworthy individual with years of loyalty to back it up we let this one case slide.  

It was far easier to say ok welcome to the developer group forget you have the IT permissions (not ideal I know but I do not want the mess to propagate beyond the employee when they left) you had.  Unfortunately again this user had way more permissions than a regular developer should have had and the new DEV BOSS managed to wipe out the production environment their first week on site!  Giving those credentials would not contain the mess this person could create to simply this laptop.  

DEV BOSS was given their documents, email and whatnot so they did have access to all that.  

I was trying to maintain the integrity of our log files.  When a user leaves the company there is no reason we should see the username pop up again except for the occasional here and there, exceptions being clearly documented.  This individual would have kept this going indefinitely.  

I do regret accidentally creating a tremendous amount of work for an already really stressed out employee, but if I didn't touch any of the installed programs (save Google Toolbar) and not one file in the user's local profile had been modified or accessed (according to NTFS) since this developer left months ago, was this really such a blunder?

Not to go all teenager with my vocabulary here but Really? Not touching any of the program files directory blew up an environment the DEV BOSS shouldn't have been able to access this whole time while the account remained disabled?
LWDud (Author) Commented:
Also I typo'd my original question, it should be: I fully *believe* (especially after consulting with other IT companies as well on this) that #1 There is never ever a reason for someone to know someone else's password even after they leave. #2 Microsoft developer software really isn't as dumb as this DEV BOSS is letting on.
Question has a verified solution.