We have a user here that will be getting fired tuesday morning, with the stipulation he has 2 weeks to get all his work done (weird, dont ask). I have already remotely backed up his laptop in case he deletes anything.
As far as internet and email go, what steps can I take to ensure he isn’t sending himself items? one request was to quarantine anything sent through email and let me filter if its going to his personal or its actually client info. I could give the host file a bogus DNS, but then he would know something is going on.
What about USB drives? he uses a mouse so how can I monitor what (if there is a USB drive plugged in) is being transferred?
Do they make some program that will help me monitor what he does? The partners are asking some off the wall request pertaining to this user, but they are all serious requests.
Thoughts?
15 Spice ups
That’s some super sketchy stuff! I had an HR request like this several years ago, I pointed them to our “computer use” policy and told them to fire the user and hire someone to finish the work. Not worth the risks!!
11 Spice ups
Set a rule up in mail flow to fwd a copy of everything in and out to another account.
3 Spice ups
jbrix
(Jared7469)
4
Hmmm just an idea off the top of my head, but you might be able to use a spam filter to stop his emails, then go in and mark which ones can go through. I mean if you can do that with ones coming in, you should be able to do it going out.
jimmy-t
(Jimmy T.)
5
With Group Policy, you can disable USB drives and CD drives. Stay a bit late today, make the policy, apply it to his computer and do gpupdate /force. As for email, do what CA-RT says and get a copy of his emails sent to someone to monitor. If you can, you may want to monitor Internet activity so he doesn’t get a virus on the network before leaving.
5 Spice ups
rojoloco
(RojoLoco)
6
Have someone stand looking over his shoulder constantly. When he does something questionable, the watcher can whack him in the head with a ruler.
16 Spice ups
chris0984
(Space Force)
7
They are dumb for letting him work till a certain point. They need to end it, unless you can be sitting at their desk holding their hand the entire time, no way you can really control everything they do. You can block thumb drives and monitor their email, but it wont stop them from emailing something from their personal email account (outlook.com, yahoo, gmail).
If they are that worried, they need to end it and be done.
6 Spice ups
ssmart
(SamSmart84)
8
“Ted, we’re sorry but we are going to have to let you go… two weeks from now. Now get back to work.”
Wut
That is the oddest thing I’ve heard all week. If he’s going to get fired, let him finish what he’s working on first, THEN fire him. You guys are backwards!
7 Spice ups
Bud-G
(Bud G.)
9
Like Jimmy said, use GPO to disable USB/CDs.
Also, set up his e-mail to not allow attachments. Everything else, have a copy set aside.
2 Spice ups
Fella, I know its backwards. Its coming from the partners. I’ve told them “you do realize what your asking is going to take alot of man hours and unnecessary research?” But they insisted.
So much wasted time.
2 Spice ups
This is so wrong. I would speak with your HR department and convince them they are going down the wrong road and are putting the company at risk. Extremely poor HR decision making - I would be showing them the front door too!
1 Spice up
I agree with Matt, i assume this is a company issued laptop and if you’ve created a terms of usage banner that states the rights of the company, every time this user logs onto your domain they know and accept the terms of using the company network and company issued equipment. This way any data sent on the network or with company equipment is property of the company.
If you have FTK you could use that to recover anything they may delete.
1 Spice up
you’ll also want to watch for things like drop box or google drive.
6 Spice ups
EXACTLY. they are thinking I can just wave a magic wand and poof, everything is covered.
1 Spice up
kholcomb
(Kelly Holcomb)
15
This is really wrong. I don’t think you’d be able to lock it down while still keeping it usable. A temporary gmail account or dropbox web access would be enough to steal whatever data he wanted. If they can’t see reason you’d need some kind of full on spyware to catch him in the act rather than try to stop him in advance.
Does the user know much about computers? As others have said a GPO to block USB storage will help, but if he’s computer savvy all he has to do is boot from a CD and he can copy whatever he wants.
1 Spice up
we have encryption in place, so there’s no booting from CD.
3 Spice ups
jimmy-t
(Jimmy T.)
18
I will say good luck with this. At my last job, I had something similar. When this particular person (who was a big screw up) put in their month notice, since they were a manager, the boss said to disable the account. The next day, we were told to get them on an auditor account with restricted access, the day after, to set them back up on their regular account. They then worked the rest of their time on their regular account without oversight. Needless to say, I stopped using logic there.
ccmis
(CCMIS)
19
You could mount a hidden camera in the ceiling behind the user so you can record everything from your desk. That would probably be cheaper then paying someone to stand over his shoulder. Some antivirus suites have the ability to block usb drives and such. If you have a decent firewall you could log all of his internet network activities. If you have a log server you could also keep a record of all of his events.
1 Spice up
Bud-G
(Bud G.)
20
Also, if this is all supported by management/HR/legal, you could install a keylogger.
3 Spice ups
