1. Delete or modify user and computer accounts and groups
2. Access sensitive and secured information
3. Expose backdoors and network vulnerabilities to attack from third parties
4. Create privileged accounts, and grant privileges to other users

Even if the administrator leaves on good terms and does not attempt any retribution on the former employer, their departure can leave security weaknesses and potential problems which cannot be cleaned up by simply deleting their user account:

1. Service Accounts: most organizations have highly-privileged service accounts which run key services such as central file backup, anti-virus software or central auditing and reporting. Service account passwords are usually outside the scope of password change policies, because they are not used by any real user. However, the IT team often knows the passwords for these service accounts, and do you really want that knowledge on the streets?
2. Orphaned Permissions: just because you deleted a user’s account doesn’t mean that all permissions assigned to that account get removed from file servers. The Access Control Lists for files and folders are typically full of “orphaned” entries for deleted user and group account SIDs. These NTFS security harder to manage and might even affect performance.
3. Local Administrator Accounts: all servers and workstations have a local account database which defines the privileges of non-domain users on that computer. IT administrators sometimes use them to fix problems or install Windows components while the computer is not connected to the network, and they are also a commonly-used backdoor used by hackers. Like Service Accounts, if a member of your IT team leaves with knowledge of local account passwords, you could be at risk.

So, what can you do to mitigate these risks? There are a number of activities we recommend:

1. Change ALL passwords regularly! This includes Service Accounts and Local User Accounts. ScriptLogic’s Security Explorer makes this process easy and fast, with its centralized, multi-threaded, agent-less technology.
2. Managing a strong password policy and regular changes increases the help desk burden when users forget their passwords and lock themselves out. And if the IT team is smaller, the last thing you need is more help desk calls! Desktop Authority Password Self-Service gives users a secure way to fix this problem themselves.
3. Clean out orphaned permissions from all Access Control Lists. Again, Security Explorer is the perfect solution and performs this operation with just a few clicks.
4. Keep track of unused user accounts. Amongst its many other capabilities, Enterprise Security Reporter can report on user accounts which have not been used for 30 or 90 days or more, so you can clean out old accounts which are not being used.

These are a few recommendations for cost-effective ScriptLogic solutions that will help you keep your network secure in the event that an IT administrator leaves who knows where all the keys are kept!

A security weakness in all versions of Internet Explorer was exploited by thousands of web sites around the globe to infect Windows computers with malicious code. Hackers were even sneaking into mainstream web sites and installing the exploit so that Internet Explorer users could become infected by visiting a usually trustworthy site.

The spread was so fast that Microsoft issued an unusual “out of band” patch outside of their usual Patch Tuesday monthly schedule, namely “MS08-078”. The good news for customers of ScriptLogic Desktop Authority Patch Deployment for Desktops option and Patch Authority Ultimate is that the patch database was updated within hours of this patch’s release, and administrators were able to rapidly roll it out to desktops and servers.

This episode serves as a reminder of the importance of keeping your computers fully patched and up-to-date! For more information on our patch management solutions, click here.

• Desktop Management. ScriptLogic continues to enhance, develop and market the Desktop Authority product family for total coverage of the desktop lifecycle.
• Active Directory Management. ScriptLogic continues to enhance and develop its own products and sell them in conjunction with Quest’s offerings to provide the most comprehensive set of solutions.
• Server Management. ScriptLogic’s products for management of Windows, SharePoint and SQL Servers will be enhanced further throughout 2009 and sold alongside Quest solutions.
• Exchange Management. ScriptLogic’s offerings are expanding significantly in this area with multiple new solutions available from Quest for management of Exchange and other forms of Communication technology.

Click here to check out what’s new in 2009. For a limited time, download a free 30-day trial of any ScriptLogic product and you could win an ASUS Mini Laptop.