On the employee termination form there is a check box that managers can check if they want access to data. - If they want data access our accounts team sets permissions and then then sends them an email with instructions. - they are also notified of the delete date, they can request an extension - if they don't, it's gone.
If they have data on a shares are on your LAN, how do you find it and kill it? Dave From: Steven Peck [mailto:sep...@gmail.com] Sent: Wednesday, August 18, 2010 11:35 AM To: NT System Admin Issues Subject: Re: Old user data We disable the user account and move it to a specific OU. 30 days we delete the user account. - We have a script which checks daily and if there is no AD account will delete the user network drive, terminal server profile - We have Exchange set to kill disconnected mailboxes 30 days so email has 60 days grace On the employee termination form there is a check box that managers can check if they want access to data. - If they want data access our accounts team sets permissions and then then sends them an email with instructions. - they are also notified of the delete date, they can request an extension - if they don't, it's gone. - if necessary we can restore from backup. 5k+ employees, only happened once in the last few years Steven Peck http://www.blkmtn.org On Wed, Aug 18, 2010 at 10:37 AM, Ziots, Edward <ezi...@lifespan.org<mailto:ezi...@lifespan.org>> wrote: Isn't the property created on the companies computers by the employees during said work, the property of the company? Why does an employee that leaves entitled to any information whatsoever? Again HR policy will dictate what is truly personal, and what is business related, but could be a nice avenue for information disclosure... if you aren't careful. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org> Cell:401-639-3505 From: Devin Meade [mailto:devin.me...@gmail.com<mailto:devin.me...@gmail.com>] Sent: Wednesday, August 18, 2010 12:03 PM To: NT System Admin Issues Subject: Re: Old user data We just revamped this process. The user prep's an exit folder. The user's supervisor makes a pass through it to cull any contract docs etc out. The the IS dept head does the same. Then we burn a CD or DVD fur the user. Before this is done, we make a separate image of their workstation, user folder and export the mailbox to PST. We attempt to capture and "undisturbed copy" of this data. This is burned to CD/DVD. This goes to HR and they follow their own data retention policies. IS maintains no long term archives of this data type. We keep their old workstation for no more than a week or two. It may have CAD templates and Lord-Knows-What-Else. We change the user's password and their dept head is supposed to login as the user and poke around to see if they need anything. This is a subset of a Data Retention Policy, I'm sure I forgot something... Devin On Wed, Aug 18, 2010 at 10:48 AM, Andrew S. Baker <asbz...@gmail.com<mailto:asbz...@gmail.com>> wrote: Definitely. Or give them a DVD. We don't allow them access to the former user's location for file storage, as that creates too many plausible deniability [1] scenarios. ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... Signature powered by WiseStamp<http://www.wisestamp.com/email-install> [1] Mix and match posting [2] [2] Inside joke [3] Even bigger inside joke On Wed, Aug 18, 2010 at 11:45 AM, Steven M. Caesare <scaes...@caesare.com<mailto:scaes...@caesare.com>> wrote: Contact supervisor and offer to copy data to new location of their choice, often as a subdir to them. -sc From: David Lum [mailto:david....@nwea.org<mailto:david....@nwea.org>] Sent: Wednesday, August 18, 2010 11:43 AM To: NT System Admin Issues Subject: Old user data How do you guys manage deleting data from employees that have left the company, what's your process? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~