departing system administrator.. change policy?

[RabbieBurns]

one of our longest serving sys admins is off to pastures new, bigger and better and to a proper salary for the work done..

 

There is no animosity and they're leaving on good terms, but still, I'd like to make sure I cover all bases when implementing a lockout procedure...

 

Our written policies only really cover departing teachers and office staff, so this one is kind of new.

 

• Disable their account
  
• Change DRAC/ILO passwords
  
• Change UPS admin console passwords
  
• Change Web Domain control panel password
  
• Change local admin password on Workstations/Laptops
  
• Change local admin password on Servers
  

 

I know Ive forgotton some other things too, so please add to this list.

[FN-GM]

Firewall, Switches, WIFI Encyption, Domain admim, VPN passwords?

 

Have you considered service accounts username and passwords he might know?

 

Remember other services like your domain name provider, external web hosting etc.

 

Also take his name off the accounts of external agencies so he cant get product keys for software or order on the behlf of the school.

 

Might also be worth resetting the passwords of other domain admins in the event he knows someone elses

Edited February 22, 2011 by FN-GM
more added

[SYNACK]

BIOS passwords (not high risk but it is another password)

Online service passwords (MVLS, online backup, whatever sites you use)

Possibly Service account passwords

audit local accounts and passwords on servers

Any remote managment tools in use like logmein if that has been used anywhere

Printers, Switches, routers (last two are way more important)

Any sundry we services that don't use AD, wiki etc.

 

Much of this may be overkill but these are the passwords that they probably have stored in their brain somewhere.

[pete]

Also consider linking device accounts (where it's supported) to radius (and have one impossible to remember local password locked in a safe somewhere). That way it's much easier to manage this next time.