
Concerned IT Manager about Network Admin 1

Status
Not open for further replies.

zentastic

IS-IT--Management
Nov 12, 2005
10
US
Hello all,

I am having problems with my network admin. He has been with me over a year now and he is young and bright. For a whole year he has shown initiative and I have expressed my appreciation for that since my other techs didn't give me that sort of dedication. Well, now his year's probation is out. He has become quite rude to our users when he does his help desk duties.

He has been studying and setting up servers and doing great doing so. BUT I came across a support forum he frequents. He has a thread in there asking for a hidden admin account. He has been given advice by someone on the board and I'm not quite sure if that hidden account is in there.

My question is as follows:

First - How can I limit his access again since he has full rights? I want him to still be able to handle user accounts and network duties but I want to limit his full potential.

Second - How can I find out if I have a hidden admin account?
 
Zentastic,

You would probably do better asking a technical question in the technical forums here relating to the server operating systems that you run.

John
 
Most Host-based Intrusion Detection systems should be able to tell you whether the hidden account exists or not. If he used the Registry hack to keep from displaying the account on the login banner, then you can find them quite easily using the search function under RegEdit. If you don't have an acceptable use policy for your computers and networks, it is probably high time to create the documents.

Limiting the access of an administrator is kind of an oxymoron. It is possible, but difficult. Creating an exception for a single user (or administrator in this case) is probably not the best way to go. Sitting him down and explaining that you have issues with his performance and his illegitimate use of resources is probably a better route. But find and eliminate those hidden accounts first.


pansophic
 
Thanks so much! I'm discovering all kinds of things now. I went into control panel and now I can't add or remove programs from the server. There is a suspicious program on there called goverlan. I think a long talk is going to take place on Monday!!!
 
BTW, what is a good intrusion detecting software?
 
How did you come across a support forum he frequents? How do you know he is not on this forum right now?

 
He uses that board and says he doesn't like this one - too busy for him! How rude :(
 
Thank you all. You have all been a great help. I'm going to talk to him on Monday. Hopefully he hasn't goverlan'd into my PC...I just finished his co-worker's review. What timing, huh???

 
*wry smile* let us know how it goes

Mike

I am not inscrutable. [orientalbow]

Want great answers to your Tek-Tips questions? Have a look at faq219-2884

 
If the network is based around Active Directory, just look for unexpected members of Domain Admins, Enterprise Admins and Builtin\Administrators on your domain controllers.

Goverlan is valid remote control / helpdesk software. See but I'm sure you would know about it if your organisation had a license.

John
 
For a whole year he has shown initiative and I have expressed my appreciation for that since my other techs didn't give me that sort of dedication

1) Did you mention to him that he is better than the other techs?
2) He is rude to the users

If he only received kudos, and starts comparing his earnings to other ones who are performing less (words of the boss), don't expect Mr. Big Smile walking around.
Did he make any enemies within the staff? You know, the New Guy, boss's pet.

Steven
 
No but I did mention to him that I respect his initiatives to learn and I didn't mention the other technicians...even though they are a bit slower than he is. My problem is that now that the probationary period has ended (and we are a union shop) his whole attitude has changed.

When I mean rude to staff, I mean even to myself his supervisor. If he does have enemies then I don't know anything about it. He keeps to himself most of the time and thinks all our users must be stupid or something.

 
the probationary period has ended, we are a union shop

Does this mean you have to actually hire him, or else you got the union clan jumping on to you?

We also have a union, a strong one, but they wouldn't dare to tell me who I must hire, because the headache is mine. He is rude to you because you let him. Are the inmates running the asylum?
Everybody will kiss @ss to get his foot in the door, but you need to cover yours with a cactus skin.
What are the odds if you don't give him a positive report? [evil], you have to look for someone else? So let it be, don't give in to blackmail.
But be sure that your assumptions are right, if an administrator who has all the rights is looking for a hidden account;
it can be that the staff is laying boobytraps and everybody is busy with cover ass politics,
or you have some "curious/inventive" users,
or the guy is thinking light years ahead.

The husband is in most cases the last one to know...

Steven
 
I don't know if I want to play devil's advocate, but do you have any other proof that he is doing anything wrong outside of a post? Are you checking up on him by reading posts on a forum he frequents? Have you found this "hidden account"? If he already has admin rights, I don't see the benefit of a hidden account, and is it a hidden account in Windows (local or domain) or in an application you use?

 
Sounds like the Bastard Operator From Hell to me.
What recourse do you have for the personal conduct? That is assuming that you could validate that a hidden account was created by this administrator.

And the benefit of the hidden account is as a "backdoor" after you are canned. It is also useful for doing things that are specifically prohibited by policy. Even if they do locate the activity, there is no user to tie the account with.


pansophic
 
Noted, but I don't really see how hard this "hidden account" could be to find. Perhaps a simple audit of the user accounts would suffice. Get a list of current employees and match it up to their accounts. Then go through all left over accounts (service accounts, admin accounts, etc.) and then have all of the techs (separately) explain the use of each account. If there is a hidden account, and unless the other techs are in on it, it'll come out.
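
The audit suggested in the replies above (match accounts to the employee list, make every leftover account explainable, and check the privileged groups named earlier in the thread), as an added example that is not part of any poster's message. The CSV layouts, account names, account register and approved-admin list are constructed for illustration, and the account export is assumed to list group membership with nested groups already resolved.

```python
import csv
import io

# Privileged groups named in the thread; membership must always be justified.
PRIVILEGED = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample data: HR roster and a directory account export.
ROSTER_CSV = """employee_id,name
1001,Alice Ng
1002,Bob Ortiz
"""
ACCOUNTS_CSV = """account,employee_id,enabled,groups
ang,1001,true,Domain Users
bortiz,1002,true,Domain Users;Domain Admins
jdoe,0997,true,Domain Users
svc_backup,,true,Backup Operators
support$,,true,Administrators
old_admin,,false,Domain Admins
"""
# Non-person accounts with a documented purpose and owner (hypothetical register).
REGISTER = {"svc_backup": "nightly backup job, owner: A. Ng"}
APPROVED_ADMINS = {"bortiz"}

def audit(roster_csv, accounts_csv, register, approved_admins):
    """Return {account: [reasons]} for every account that needs an explanation."""
    staff = {r["employee_id"] for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        name, emp = row["account"], row["employee_id"].strip()
        groups = {g.strip() for g in row["groups"].split(";") if g.strip()}
        enabled = row["enabled"].strip().lower() == "true"
        reasons = []
        if emp and emp not in staff:
            reasons.append("owner not on current roster")
        elif not emp and name not in register:
            reasons.append("no owner and no register entry")
        priv = sorted(groups & PRIVILEGED)
        if priv and name not in approved_admins:
            state = "" if enabled else " (disabled, still a member)"
            reasons.append("unapproved member of " + ", ".join(priv) + state)
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for account, reasons in audit(ROSTER_CSV, ACCOUNTS_CSV, REGISTER, APPROVED_ADMINS).items():
        print(f"{account}: {'; '.join(reasons)}")
```

Keeping the register and the approved-admin list under the manager's control, rather than the administrators', is what lets an account nobody can explain stand out.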

 