On Fri, 9 Jun 2000, Jesus Gonzalez wrote:
> downloaded it, and while he's been out of town, he's yet to use it. He's
> also downloaded the Win2K high encryption pack, my guess is that he intends
> to crack and change the local admin password, then install the HE pack in
> hopes of preventing us from doing what he just did (can you say REimage).
> It's stupid, I know. And I can't believe I'm having this battle.
>
> I would like to know what policies people have in place for users who
> attempt to crack passwords using such tools? When I spoke to HR and spoke
Make sure appropriate usage terms are enumerated in a usage policy. Also,
make sure both the employee and his manager understand that the resources
are *not* personal resources, and that the organization has not just a
right, but an obligation to be able to access its resources irregardless
of the employee's presence or disposition.
In a case like this, I'd have both the employee and the manager sign that
they understand and have read the policies and keep them on file in HR.
Explain to the manager and your boss what it's already cost you in terms
of expense to do this, project ongoing costs and if you can do internal
billing, forward as appropriate, that might get some action.
Optionally, disconnect the workstation from *your* network until it's in
compliance with *your* policies. If you have switches, lock down the
ports at that location to the established MAC addresses.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
