3

As of this week, all Domain Admins in the organisation have had to submit to background and credit checks in order to maintain these rights, and quite possibly continuation of employment (afterall, what use is a Domain Admin to an organisation without any privs).

This seems like overkill to us. Although we're a large multinational natural resources corporation, we are not a military, government, or medical organisation, and we certainly don't work with children (although it does feel that way in some meetings).

So, I guess my rather general and open question is this:

  • Have you been subject to background, security, and credit checks in the line of duty?
  • If so, what type of organisation was it?
  • Did you feel it was warranted, or overkill?

Thoughts and comments appreciated

Izzy
  • 8,214
  • 2
  • 30
  • 35

9 Answers9

4

The only time I've ever had to go through a background check was at time of hire. However I know that some companies to like to do them every once in a while just to be safe. If it's in the terms of your employment (which I'm sure that it is) then the company feels that it's warranted and in their best interest.

When you have the keys to everything a little extra checking is to be expected.

mrdenny
  • 27,074
  • 4
  • 40
  • 68
  • When you put it so diplomatically, how can I refuse! ;) What you say makes perfect sense - it just seems excessive, what with the credit check, and police check etc. I have nothing to hide - I just like to maintain my air of mysteriousness ;) – Izzy Aug 07 '09 at 22:02
  • It's sad that we IT Pros have to go through these sorts of background checks. Wonder if they do the same for the accountants who could empty the bank accounts, or the Accounts Payable guys who could setup a fake vendor and send them selves all sorts of payments. – mrdenny Aug 08 '09 at 00:02
  • 1
    @mrdenny Sysadmins are one of the few sets likely to be able to cover their tracks, though. Accountants and accounts payable won't be able to wipe/tweak the logs after they do the deed. – ceejayoz Aug 08 '09 at 18:59
  • 1
    This is true, but in the last 10 years how many companies / economies have been destroyed by accounts compared to by the sysadmins? – mrdenny Aug 08 '09 at 20:26
3

I haven't been, but I would be of the opinion that Domain Admin is a position of HUGE responsibility, and everyone from the lowliest grunt up to the CEO has to be able to absolutely trust you, often without even knowing it. Based on that I think some degree of checking is definitely not overboard, although I'm fairly dubious about credit checks. True, if you needed the money you could turn a handy profit from pirating Volume Licensing copies of Windows (not that I would advocate such behaviour), but all the same you do have to draw a line somewhere, and in today's economy a totally honest person could possibly fail some kinds of credit check - which would be to the organisation's disadvantage.

I'm more of a fan of starting people off with a low level of privilege - such as admin access to a non-critical/non-sensitive server or some desktops - then seeing how they get on (and how they behave) before gradually building them up. That way you know that when the time comes to give them the Power Supreme they will already have a proven track record in your org.

You can't legislate for a true loose cannon either way; someone could feasibly pass every check but then wreck your environment within 5 minutes of being set loose on it, or could hold in their destructive impulses over even a year of being built up through a careful privilege hierarchy.

Maximus Minimus
  • 8,937
  • 1
  • 22
  • 36
1

The company I presently work for did a background check on me when they hired me. Standard practice for all new hires.

At a company I previously worked for, I had to undergo a more extensive background check for a federal security clearance because we did some work for government.

I think it's all completely warranted. There's a lot of bad people out there. If you're one of the good guys, you have nothing to worry about.

Scott
  • 1,173
  • 3
  • 13
  • 25
1

I would say in this day and age and due to the power that a domain admin has, it's not an unreasonable request.

I would ask these questions though:

  1. What are the disqualifing failures? ie You got a suspended license for drunk driving and one of the review's has a issue with drunk drivers. (not that I am saying this is ok), but you want to know before hand how they will be applying the findings, rather then getting the findings then they decide what they don't like.

  2. Is this the same as what the new hires get subject to? It should be, if its not for someone being hired to the same job, you may have a case should you be fired.

SpaceManSpiff
  • 2,547
  • 18
  • 19
1

I can't comment for anywhere else and I am well aware that laws vary from place to place but here in Australia that isn't even legal. Other than government and military positions, here an employer can request a security check as part of the employment process but not afterwards. A credit check cannot be requested at any stage.

As a multi-national your company needs to be aware of the legal situation in each and every place it employs people. As an emloyee you need to be aware of what is legal where you work. Get advice if necessary. Not from a site like this but from an actual lawyer.

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108
  • One of the ways a company can get around it is by reclassifing all positions as part of a restructing and then all the positions are new. In effect forcing everyone to reapply for their jobs, but in a new position. Its worked in other places, may work there too. Thats the type of company though I wouldn't want to work for. – SpaceManSpiff Aug 08 '09 at 05:35
  • You're probably right. Certainly that method has been used to lower wages and salaries. – John Gardeniers Aug 09 '09 at 01:58
0

i would resign if my employer insulted me like that, but then i don't work for the military, the police, banks, or anywhere else where a security check would be justifiable.

and i'd be tempted to present them with an invoice for "loss of privacy" as if it's a product or service they are purchasing from me. purely symbolic, of course, there's no way anyone would pay it.

and, as mrdenny suggested, there's a difference between a check at time of employment (where you know up-front that that is a requirement of the job) and a check later where it is an additional condition added afterwards.

cas
  • 6,653
  • 31
  • 34
0

I'm a Domain Admin, and I have not been subjected to a background check of any kind. I also work in the government sector. From what I understand most universities are not doing background checks of their admins.

Tatas
  • 2,091
  • 1
  • 13
  • 19
0

I have been, both here and at my previous employer. As part of the Active Directory roll out at the old job, we integrated a law enforcement agency into the tree. As a precondition for joining they mandated that all Enterprise and Domain administrators had to pass their background check. Frankly, I was amazed they allowed themselves to be joined that way and didn't insist on complete isolation. It certainly made MY life easier that they decided to be friendly.

Hilarity ensued when one telecom guy had a misdemeanor in another state umpteen years ago, which would have been classified as a felony in our state. They wouldn't even let him into the building. So he went and had the misdemeanor expunged from the record (he was a minor at the time IIRC, and that state allowed that) and had his background check re-ran, which came back clean this time. They let him in the building after that, but they always gave him the hairy eyeball. Even years later. It was strange.

I had it done at this job. While we are higher ed, we do get the occasional under-18 and are state-funded employees with the keys to the financial kingdom.

We're highly trusted enough that even the suspicion of evil is enough to lose our jobs. Proof, smoof; if someone accuses us of unlawful or even deeply unethical behavior we'll be depriviledged until the matter is resolved. Period.

It's all about trust.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
0

Background checks are more or less useless. Whatever a domain admin would do would be considered a white collard crime, and the fact is that the majority of white collar crimes are done by first time criminals, not felons.

Look at all the good white collar crimes over the past year or so. Remember Bernie Madoff, want to bet on what a background check on him would have revealed?