Best Practices: New Employees & Terminated Employees

What is the best practice for items to include on either a new employee \ terminated employee I.T. checklist? (for example: AD, email account, passwords, permissions...)
bkorodiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
Think about what an employee might need at your organization.  My organization probably differs greatly from yours so there wouldn't necessarily be a good template for everything... but think about how you setup a new person, their requirements.  Further, depending on department, some employees might have different needs than others.  Payroll may require an account with a payroll service provider while Accounts Receivable might not.  Step through all the job titles your company has, think about what they need.  Consult with the managers in each section.

As for terminating, I strongly recommend NOT deleting accounts for a VERY long time - DISABLE them.  This allows their SIDs to continue to exist and identifies who they are even after they are gone.  Also, VERY MUCH avoid assigning permissions to users... assign permissions to groups and create a change log of when users are added and removed from the groups.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MontoyaProcess Improvement MgrCommented:
There's a lot that can be done, based on where you work and how much access you have, or how rights are provisioned.  

As Lee said, groups are always better:
Here's a very quick list (for IT)

desk location
enable ports
enable phone (VOIP or w/e)
desktop or laptop?  
submit serial
Assign image (sometimes different groups get different images installed on laptop/desktop)
add AD account
add Exchange account
Admin of desktop or laptop?
Member of (Assign group memberships)
how many monitors?
ergonomics?
etc.. etc...

that's a simple top of my head list, while Im driving... Im sure others will add
0
SunBowCommented:
ditto Lee W, MVP
review Iammontoya - add a touch or two regarding building security, parking, privacy policy, toleration - if you find something missing then there is a problem to redress.

Review termination, where turn in of keys is obvious, distinguish voluntary (ex:retirement) from involuntary (ex: fired for cause, not just let go). Person leaving should be monitored, have someone else pack bags for involuntary departees.

You (company) should always have backup plan, person who fills in for another and has same access. All data should be preserved, for years, already a process in place for that, so at termination remove all online data (ex: email) for employee 30 days after termination, Person's PCs/drives should be erased immediately.

LogonID should be disabled immediately. I worked at large company that deleted ID after 30 days. Remember it is possible a mistake was made, a persons can change mind about leaving, retiring etc., and there are legal issues for preservations for corporate information such as regarding procurements. eMail for account should be redirected to global administration only.

As said I agree with Lee, don't delete ID (e.g. disagreed with a company policy).

Try to ensure all employees are treated well, even as they leave. They may return. They may be a supplemental resource just a phone call away. Timely handling for their insurance, medical, severance, - some days off for adustment period both the arriving as well as the departing.

New person needs some training to adapt to company, may need relocation time, time to ramp up, get family settled in. If you can overlap first week of one with last of the other so much the better.
0
nickg5Commented:
As Lee said this should be a high priority:

"As for terminating, I strongly recommend NOT deleting accounts for a VERY long time - DISABLE them.  This allows their SIDs to continue to exist and identifies who they are even after they are gone."
0
SunBowCommented:
8<) TY
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Operations

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.