Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PLease help need a network admin

Status
Not open for further replies.
pburg23m

pburg23m

IS-IT--Management
May 28, 2004
9
US
PLease help need a network admin
Im desperatly in need of help. I just got fired from the best job ive ever had, for something i didnt even do. heres the situation

Basically im a entry level network tech, the guy who was network admin barely knew more then me, totally clueless. Yesterday he said he took off my administration privledges, then today they were back on, and they are saying i did it, when i KNOW i never touched anything in active directory. its got to be traceable, can somone please help! please ! i cant afford to be out of a job!
 
Sort by date Sort by votes
Plausible deniability.

Audit logs should tell you. Go straight to HR or failing that a Director. Insist that you are innocent until proven guilty. Until they PROVE you did it, you can keep your job. Get a solicitor...

<signature for rent>
 
Upvote 0 Downvote
im in the US, and they said i was on my 3 month probationary period , but if i could figure out how this happened i can probably get my job back. theres got to be some valid explanation how active directory re added my admin privledges. it was stuff i didnt even need nor want like schema, etc that i had and didnt need.
 
Upvote 0 Downvote
You'll have to get them to examine the event logs on the servers and hope that the auditing level was set high enough to capture changes to users. If not, you're pretty much on the street looking for another job.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Upvote 0 Downvote
err im kinda confused what did you get fired for exactly ? The head admin took your admin privs then put them back on a day later and you got fired for it ?

Thats a sackable offense ?

Even if your admin privs where taken from you without knowing another admin acc login details you would be unable to give yourself admin privs back to your acc.

 
Upvote 0 Downvote
Faithless is right. If he took away your admin priv. then you could not have given them back to yourself. Pure and simple you could not have done it if he took them away correctly.

Not sure how you say the above (if it was done correctly than you could not put them back) unless you had the password for an account that had priv. to put them back.

HTH

Nancy
 
Upvote 0 Downvote
Been a network administrator for 19 years...

If your your admin privileges were actually removed, and you do not have an administrative user account and password, you could not have given yourself administrative privileges. The head admin did not properly remove your administrative privileges.

If reinstating admin privedges youself was possible, once they are removed, Nt security would be useless, and would never had been developed; this would break the network security foundation of every network operating system ever developed.

Traceable,...the audit logs would be nice to review, but not needed, your head admin is covering up his mistake. This is not a debatable issue, if you received posts from 1000 different administrators you will get the same answer .. it is not possible.

Paul Meiners
MCNE, MVP
 
Upvote 0 Downvote
The last 3 posting are right. Only the administrator has the Rights to add people to the administrative level groups and grant administrative priviledges.

He blew it and is too much of a chickhen SH!@ to admit it.
You can try to fight it, but if you are in one of the smaller cities that could burn you as well as far as getting another job. If you do intent to protest it do it without getting confrontational. Present to facts as you know them and then let the chips fall where there will.

You might even print out this forum thread as witness to the fact that it cannot be done.

 
Upvote 0 Downvote
Well heres the deal, hes saying he left the server unlocked logged in as admin, and that i went in and changed them at the server, But i did not touch that server, at all, all day. What im hoping to find is that they were changed from a certain workstation and not at the server. Or i was thinking maybe its possible that he changed them on his windows xp station using the windows admin pack he always uses , and they didnt update on the server. Or is it possible that active directory is set up on more then 1 server and hes just not too bright and didnt update it on the master??
 
Upvote 0 Downvote
Well if he left the server "unlocked logged in as admin", that's a huge mistake in his part !
 
Upvote 0 Downvote
He left the server room open, the server unlocked,... and the company is worrying about you as a security risk... give me a break. If this was somehow a court involved case the judge would through the case out in your favor.

The admin must be a major ass, petty.. can't admit he made a mistake, blames it on you.

If I were you I would not try to access anything you not suppose to. They may even have a key logger on some machines, don't compound the problem.





 
Upvote 0 Downvote
This is easier for me to say than for you to hear, but:

You're far better off not working with this guy!
 
Upvote 0 Downvote
LoL this head admin guy gets funnier the more you talk about him. Hes the one that should have been sacked not you.

He left the server unlocked?!?!?

I mean what kinda admin would do that.

Another thing you might want to check to see if hes telling the turth is that by default the server will have a screen saver set on it which if it comes on will lock the computer. He might have turned the screen saver off though.

 
Upvote 0 Downvote
thanks for the input so far, i agree it was his fault the server was unlocked, im really looking for a way this could have happened by mistake. At the very least I would like to clear my name, or if he did this maliciously to at least bring it to the attention of upper managment.

I have read threads about windows xp possibly changing some settings, like re syncronizing with the AD server , is it possible the admin privleges sycronized from my xp machine to the server? or that AD is onmore then one machine and resynched with an old copy?

I really dont have the option of giving up on this, it was a great job, im just so stunned, ive never had my integrity questioned in my entire life. I was literally called a liar, and kicked out spur of the moment.

BTw how long is it before the logs are overwritten usually, and are the logs normally stored on the tapebackup? Because nobody will be in the office till tuesday for me to go in and contest this, im trying to gather as many scenarios of this happening by accident as well as building the case against his imcompetence. It really irks me that I got fired, and he said there was no way to track how this happened, and everyone just believed that. I spent 5 minutes on this board and learned about audit logs etc.
 
Upvote 0 Downvote
maybe he went into the local "computer management" of his own machine, or a member server and removed you from the administrators group there, instead of "Active directory users and computers".


It is not possible your machine could have privileges synchronized to the DC's active directory. The machine does not have the ability to control users or groups in AD. The admins responsibility would have been to remove you from the administrators group( plus any other security groups), and make sure you were logged off all the machines on the network, and then log in as you, and see if the security measures worked.

If replication is not working properly, one DC may have the settings but the others may not ( far fetched), but the event logs would have plenty of errors, still not an excuse on the admins part.

The event logs might maintain the events for more than the default settings of "over write in 7 days" if they were manually changed; personally I setup my servers with "over write as necessary", with a larger default event file size. The settings are easily changed , and the logs can easily be deleted, he may not have auditing enabled or setup to monitor security changes (likely).

default settings for Win 2000...

The Admin, has "credibility" with the boss, could easily BS him. The only why to check the event logs would be to have an independent consultant check the logs.. doubt this will happen. The event logs should be on tape.

Which ever way you look at, the admin screwed up big time, he should have verified the security changes.

Personally, I would ask for a meeting with the boss without the Admin, the admin will be too defensive to allow you any credibility. Point the boss to this thread, I believe he needs some enlightning. Write the URL down, and give it him, he has to be curious... that is, if you don't lose your cool.
 
Upvote 0 Downvote
Hate to burst your bubble, but many states are "Right to work states." Illinois is such a state. This means any company in the state can fire you for no reason at all other than they wanted to. I got this directly from the state. Good luck, you are going to need it.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.

TTinChicago
Johnson Computers
 
Upvote 0 Downvote
From my understanding of being "fired" from IS, the removal of access is concurrent with the subject being escorted out the door. The reason for this is that it is far to simple to create login access as an admin then to use your own, especially if you are a sysadmin/network admin.
My understanding of this dilemna is that they are testing you on (KSA) knowledge, skills and abilities. The test is threefold, 1) your ability to evaluate the problem to discern exactly what actual "offence" was committed: 2) Your reliability in reporting who is responsible for the alleged security breach, and 3) your response to a personal attack.

and trust me, all of these are understandable and frequent scenerios. As a probie, no reason would have been given to you, other then the fact you were not the match the company was hoping for. Thats why there are probationary periods.

Examine the problem logically, investigate it, and resolve the actual existing problem.
 
Upvote 0 Downvote
I would gladly try to solve this problem. I was never given a chance to examine the logs or anything. They said I got mad at having my privleges removed and went to the server and re added them.

This never happened, i never touched that server. I have offered to have an expert come to investigate at my expense, nobody has awnsered me yet though.
 
Upvote 0 Downvote
I think he is not satisfy with your job. Anyway send email to management and CC him with link to this thread.
 
Upvote 0 Downvote
I would just move on, similiar situation happen to me. Fact is you don't want to work around someone that has no problem of placing blame on you, or anyone else for that matter just to save his butt. Your better off saving face and moving on. This slug you were talking about will have an excuse for all your concerns you may raise. It's a tough pill to swallow. But you will be better off in the long run.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC &amp; Adding back to our Network
Replies
0
Views
197
DTGMI
DTGMI
Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
231
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
399
gbaughma
gbaughma
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
135
ADB100
ADB100
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
334
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top