Hi All,
please excuse this message since it's a bit off topic, but I could use your
expert opinions to give me some backup.
There is a programmer in our company who seems to think that he is above all
of our policies and procedures. Yes, he is a new guy but has endeared
himself to his manager (as the Director of IT, I report to someone else
entirely). He's continusouly installing applications on his machine and the
servers because he says he needs them, even though policy clearly states
that only IT is allowed to install authorized applications on all
workstations, and certainly the servers. He even changed the local admin
password and refused to give it to us, and he's password protected his bios.
That stunt earned him a fresh image and a CMOS clear and OUR password in the
bios.
So we finally had no choice but to lock his system down (a Win2K box) and
not give him the local admin password so he can't install anything.
Naturally we were well aware of programs like l0phtcrack and others to break
the admin password, but never though he'd resort to it. Sure enough, he's
downloaded it, and while he's been out of town, he's yet to use it. He's
also downloaded the Win2K high encryption pack, my guess is that he intends
to crack and change the local admin password, then install the HE pack in
hopes of preventing us from doing what he just did (can you say REimage).
It's stupid, I know. And I can't believe I'm having this battle.
I would like to know what policies people have in place for users who
attempt to crack passwords using such tools? When I spoke to HR and spoke
in general terms, the Director said she would fire anyone who did that.
When I told her who it was, she backed off and said 'oh, that will be
tough'. I guess I'm just looking for others who have dealt with this, or
who have clear and tested policies in place so that I may have something to
back me up when push comes to shove.
Thanks in advance!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
