Possible Duplicate:
When a sysadmin leaves what extra precautions need to be taken?

A company has been maintaining ALL its internal and external (like Google emails, apps, etc.) IT systems (computers, servers, networks, web sites, security keys to bank accounts and auctions, passwords, etc.) with the help of an external (coming) system administrator, exclusively the only one.
Mostly he worked remotely over the internet.

And top management had decided to inform him that he is being replaced by another, employed one.
Obviously, the previous administrator is disgruntled.

The IT infrastructure, configurations and policies are not documented.

Internal company networks are based on MS Windows Server 2003.
The external services employed are not centralized but rather known to the previous administrator and to each of the many employees (workstations).

What are

  • the steps to do,
  • points to check,
  • tools, procedures and policies to employ,
  • minimum documentation/descriptions to require

in order to make sure that IT corporate security (and confidential internal data, if it is possible at all) has not been left compromised, intentionally or unintentionally, by the previous system administrator?

Update:
Due to the comment that this was a duplicate question, I want to inform that before submitting this question I googled/searched by 4 strings which are a combination of 2 pairs of keywords:

  • disgruntled/rogue sysadmin/"system administrator" site:stackexchange.com

but couldn't find anything, so the question should contain a set of keywords that is obvious to, and commonly accepted by, everybody in order to be searchable.

It is me who was hired for developing/reorganizing the accounting information systems in this company and, in addition, to maintain computers and networks. I was told before coming that there was nothing to do, just to periodically remove dust from computers, to add users and replace malfunctioning parts (video cards, etc.), which takes no time at all.

I demanded immediately, and repeated a few times later, that the former sysadmin should never be fired, but in vain.
The only concession I could make was that the former (external/coming) sysadmin wouldn't be fired immediately but in 3 weeks. Anyway, he was informed immediately about being fired, so it just aggravated the situation, since he is overriding my actions remotely and does not inform me what he is doing or cooperate in any way, while I am logging my tasks and actions in a file shared with everybody (this is a file known to every employee for registering problems to be solved).

This company does not have a single IT worker or a specialist with computer-related education to check, formulate or put in place any IT policies.
There are 40-50 Windows Vista, XP, 7 computers in 7 workgroups (in 3 buildings and 2 cities + access for employees on business trips and remote representatives in different regions from remote cities) using terminal session access to MS Windows 2003 Server, no Active Directory/Domain Controller.

Also the situation is aggravated by the fact that the former sysadmin (is offended and) does not want to stay (and/or) cooperate even on the condition that I go away and leave him to continue.

So, I asked here more specifically immediately (by specifying the network with Windows 2003) and additionally I would appreciate any advice on:

  • how to avoid getting into such situations in the future
  • the possible arguments to convince the owners of the necessity of having an additional IT worker (the obvious ones were already all used in vain)
  • what to do in situations of concurrent well-crafted sabotage by a former-though-still-in-power sysadmin.
    I cannot close his access since I still completely depend on him for eventual emergencies in the future

Update2:
The network and IT systems of my company are basically unprotected even against a middle-qualified external hacker or a disgruntled employee with the qualifications of an advanced user, since most users work with administrator privileges in workgroups (no centralized AD/DC).

The external accesses and interactions are difficult to control and even grasp fast (for replacing the system from scratch) since this is a trading company with non-trivial and intensively used external communications:

  • different messengers, email systems;
  • a few corporate websites (a few DNS domains);
  • different encrypted accesses to banks and trading auctions over the internet (with different encrypting systems, security keys and tokens);
  • remote access to the company's systems by representatives in other cities over the internet

0 Answers