Disabling domain accounts
Can someone explain to my why, if they know somebody will be off for say 6 months due to an operation they will disabled their domain account in AD "for security reasons"? What security reasons are there to disable this account? What other reasons are
there aside from security to disabled this account?
May 31st, 2011 7:38am
Hello,
only security, if the password from the person is known by others nobody can logon during that time. There is no other side effect on disabling that account.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2011 8:12am
It could be also caused by local law. In Example in Poland user cannot log on to computer(s) while he/she is off for long time (sick/holidays) then some goverment organisation can set fine for a company in which user is working. So, this is important to
disable temporairly user(s) account(s). And of course for "security" reason as Meinolf described above.Regards, Krzysztof
May 31st, 2011 8:28am
It could be also caused by local law. In Example in Poland user cannot log on to computer(s) while he/she is off for long time (sick/holidays) then some goverment organisation can set fine for a company in which user is working. So, this is important
to disable temporairly user(s) account(s). And of course for "security" reason as Meinolf described above.
Regards, Krzysztof
Who could catch them out for logging in to work when off claiming to be sick?
Or do you mean its the employers of the person off sick that will check if they had been trying to login?
They'd need access to your data/network wouldnt they?
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2011 8:32am
Hello,
only security, if the password from the person is known by others nobody can logon during that time. There is no other side effect on disabling that account.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Is that really security though, if they knew the password they could have had months if not years logging in as this other user before they went off sick and the account got disabled....
May 31st, 2011 8:35am
In case of any control (in big companies these controls are frequent) or your former employee did announce anonymously to goverment ("work inspection"), they ask for logs to check if someone was working when he/she was sick. If so, you will pay a fine because
our law doesn't allow working when you are sick or on holidays. Additionally they ask if you have implemented any mechanism which blocks unused accounts for some period of time.
So, even for administrators it's good to disable accounts, because sometimes user(s) has/have remote access permission and it's unsecure to leave account(s) enabled. Good practices say: do not leave holes if you know they are holes!Regards, Krzysztof
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2011 8:48am
In case of any control (in big companies these controls are frequent) or your former employee did announce anonymously to goverment ("work inspection"), they ask for logs to check if someone was working when he/she was sick. If so, you will pay a fine because
our law doesn't allow working when you are sick or on holidays. Additionally they ask if you have implemented any mechanism which blocks unused accounts for some period of time.
So, even for administrators it's good to disable accounts, because sometimes user(s) has/have remote access permission and it's unsecure to leave account(s) enabled. Good practices say: do not leave holes if you know they are holes!
Regards, Krzysztof
Be very interested if anyone knew the rules around this in the UK?
May 31st, 2011 9:13am
Be Forwarned, I am no lawyer and cannot provide any legal guidance towards your situations.
All of you may be able to find resources in your area regarding Cyber Laws online but...
Typically you just need to speak with a Cyber Crimes lawyer or law practitioner to discover the laws in your area to see what applies. They will typically be obliged to help you with some resources or provide you with some information to obtain those
laws in-depth so you can follow legal compliance as well as IT Compliance.
Google Search: "UK" Cyber Laws or "UK" Information Security Laws for System Administrators.
I found some resource here:
http://www.jisclegal.ac.uk/LegalAreas/ComputerMisuse.aspx
Some of the contents in that Computer Misuse Act may apply to system administrators responsibilities... So read it anyway if you find yourself in the IT Field in the UK.
Hope that helps!
Best Regards,Steve Kline
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Technology Specialist: Active Directory, Network Infrastructure, Application Platform, Windows 7
Microsoft Certified Product Specialist & Network Product Specialist
Red Hat Certified System Administrator
This posting is "as is" without warranties and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2011 9:30am