Ask Slashdot: Dealing With User Resignation From an IT Perspective?

New submitter recaptcha writes Today one of my fellow workers has announced he has found another job and will be leaving our company in two weeks' time. This is all above board and there is no disgruntled employee scenario here; he is simply working through his notice period and finishing up some jobs. I have already set some fileserver folders to Read-Only for him and taken a backup of his mailbox in case he empties it on the last day. Which best practices do you follow that will prevent a resigning user from causing any damage (deliberately or not) in these last days of employment before his account is disabled?

Delete stuff.

[SuricouRaven]

Get him to delete anything personal, because chances are his co-workers are going to be asking for access to his files and emails so they can continue whatever work he was in the middle of.

Remove access ASAP

[Fallon]

Removing access immediately is important for 2 reasons. The first is obviously security. Then 2nd is figuring out what he does & making sure somebody else has that access & knowledge.

If he's still in the office & gets a call or something to fix an issue it will have to get bounced to somebody else. You'll have him available to do knowledge transfer on what he use to have access to do. If he's not in the office, but still getting paid he's still available for knowledge transfer. If he's past his 2 weeks notice, he has 0 obligation to assist you guys or provide any knowledge & training to his former employers.

Whenever I give notice I expect to loose my administrative access pretty much immediately. I've already backed up anything personal. I feel no disrespect when it happens. Seriously? Boho, you are giving me 2 weeks of paid vacation time, cry me a river. It's slightly annoying if I'm still around for those 2 weeks with no privileges to do anything, but I know exactly why they have been removed. Being ostracized is one thing (and not really kosher), but merely having admin credentials revoked should be expected.

As far as a security issue goes, any competent disgruntled sysadmin has already done the done the damage or set the logic bomb before they have given their notice. Still, better safe than sorry.

This is a always an interesting situation

Pretty much any company that has to let somebody go (especially if that someone has access to critical files: source code, legal docs, etc)...there is always the "what we do to protect ourselves in case this guys goes nuts and destroys company property?"
First, only a very dumb person would attempt anything like that since that could have criminal implications. There are files that are worth thousands or millions (or whatever the company says). If our guy found a job somewhere else, he has a vested interest in leaving in the best terms...there is no gain in settling scores with the old-to-be employer at the last minute.

Second, and this is the most important factor, the discussion about mitigating the risk is interesting since it was the person who's leaving who actually put in his notice! This means, he's leaving in his term, and in the exact time frame his chose. This means, he could've cause all the damage he wanted _before_ resigning, not after all eyes (including the OP's) are on him!!! Of course nothing guaranties the guy wouldn't go nuts and do something stupid in the last minute (see German pilot in the new currently). We just have to keep our fears in check and make sure all parties are respected and be civil about the whole thing. As previous posters mentioned, there should always be a rigorous back-up policy in place so anything that gets deleted by ANYONE can be recovered fully and no interruption occurs in production. It shouldn't matter if a user put in a notice or not. This is why some large companies just don't give access to the C drive for their users...My Documents is on a mapped drive that gets backed up.