Re: When IT Manager breaks rules

["Byron (Yahoo)" <snail945 () yahoo com>]

another idea.

why not ask the manager to sit down with you and let him know how you feel, 
and outline your concerns - how his/her actions put you and/or the company 
in a tough spot.

and i would ask the IT manger if there's something i'm missing (a material 
fact),  and if not, i'd ask directly for support forward.   if the policies 
are grounded and signed off on at the executive level, i can't help but 
think he/she would respect your approach.  they'd also respect you (a lot) 
coming directly to them (human to human), vs. playing the 
"police/confrontation" card we often do in security.  i would.

we're all humans. even if sometimes we don't seem like it :0.  I've found 
that a little good old fashion opening and listening can solve what appear 
to be major issues. it can build relationships.


good luck.

Byron

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of WALI
Sent: Wednesday, May 16, 2007 10:33 PM
To: security-basics () securityfocus com
Cc: security-basics () securityfocus com
Subject: When IT Manager breaks rules

Hi guys...an odd question here!! I am mad at my IT Manager, he is such a

sissy!!

Being a internal security analyst in-charge, I want to enforce a few
policies at help desk. One of them is, not to create any user account
unless an email arrives from HR to HelpDesk, informing of the user's
badge
ID, the department he/she belongs to. The status of employment and all
those things. The procedures are in place but sometimes it so happens
that
some Head of the Dept. or executive management calls up our IT Manager
over
the phone, or send him an email directly which is then forwarded to our
Help Desk incharge who is then left with little options but to create
the
account without due processes. All policy compliance guidelines get
thrown
up in the air.

HelpDesk incharge is bound by his position to, not to defy IT manager
and
he is scared to tell me (sometimes he does) that IT manager is forcing
him
to dilute the AD account creation policy.

I don't want to confront IT manager based upon inputs by Helpdesk guys
but
would rather put a mechanism in place, where I would automatically come
to
know, that an account has been created and I can ask helpdesk to provide

proof of the email from HR arbitrarily and then confront the manager.

I know some Audit trails can be put and they would appear under Security

tab of Event manager ( or so I guess) but I need something more
automated
that would land in my mailbox.

Is this possible through any automated solution in AD of Windows 2003?
Probably MOM 2005 or the types?
In case I chose to confront  HR Admin/ managers with a plea to stop
sending
such requests to our IT Manager and put their house in order, what all
genuine risks of 'not doing so' can I highlight? Ours is fairly large
corporation employing about a 1000 people.




This e-mail and any files transmitted with it are confidential and are 
intended solely for the use of the individual or entity to whom they are 
addressed. If you are NOT the intended recipient or the person responsible 
for delivering the e-mail to the intended recipient, be advised that you 
have received this e-mail in error and that any use, dissemination, 
forwarding, printing or copying this e-mail is strictly prohibited.