- CYA
- Posted by Maxxsir on September 10th, 2007
I just started a position with a company as a network administrator. They
have Small Business Server 2003 with Exchange, SQL 2000, file and print
services & ISA running on the box. They have 26 databases running on this
server and they live and die if these are down. There is no security and
passwords have not been changed for over a year. Group policy is not used and
patches are applied manually.
Transaction logs are backed up every hour and by the end of the day there is
a total of about 3 gigs of space left on the server. At night a bat file
kicks off to copy all transaction logs to a USB drive and then all logs are
deleted from the server. They use Acronis for their backup which takes an
image of the entire server each night.
They have a DSL line coming in to the building but no device between that
and the server. They do have RWW and RDP enabled and the administrator user
is still called administrator and this is where my problem starts.
They have an outside vendor that has been with the company for about 5 years
and they want to phase him out. In the meantime I am supposed to be working
with him. I told him I would like to create a change control document along
with a document detailing the network as a whole. I told him I didn't want
any changes made to the server until we were finished with the documentation
/ score card.
One of the questions I asked is why RDP was enabled along with RWW. It was
my thinking that both of them did not need to be enabled. He said they were
not but I did show him that both were. We documented the issue and I said I
wanted to investigate this further to see if they both needed to be available.
The other night I tried to remote in via RDP and I was unable to. I called
the vendor and told him I was unable to access the server. He told me to use
RWW which I did. Looking at the server it looked like he disabled terminal
services. The next day I went in and had a meeting with him and asked him why
he changed settings on the server and did not tell me in our phone
conversation. He stumbled around the issue.
I then had a meeting with the owner of the company and told him I needed to
lock out the vendor due to lack of communication and trust. The owner did not
agree and told me to communicate to the vendor that things are to be done my
way. I had another meeting with the vendor and told him we needed to work
together.
I just found out there is a new policy that was enabled to lock the end
users' computers after 15 minutes of activity. This is a suggested change I
made to the vendor in one of our meetings. At no time did I give the go ahead
to make any changes to the server. These are all suggestions and they go into
a score card for review.
Now, at this point I am at a loss. I told this guy to stop making changes
twice and he refuses. I am not sure what to do at this point. I really feel
this guy is going to wreck the server with a change if I don't lock him out
and then I am going to be blamed. I actually feel this guy is going to
sabotage my job here. I have never worked with someone like this in my entire
career.
I can no longer trust this vendor not to make arbitrary changes to my
network. I think the owner has some kind of friendship with this guy and does
not want to hurt the relationship. To me this vendor is untrustworthy,
deceitful and is afraid of losing this contract.
What are the thoughts on this here? I am really thinking about walking
unless I am allowed to lock this guy out. I understand this guy may not want
to change the status quo but the network is not managed in any traditional
sense of the word. Changes do need to be made but they need to be made in a
lab and then rolled to the server. Am I being unreasonable here?
-Maxxsir
- Posted by Larry Struckmeyer on September 10th, 2007
Hi:
You seem to have several issues, most of which seem to revolve around
management's refusal to implement proper protection and security for the
company IT systems and its data.
Don't really know how you get over that hurdle except to research and
document some problems on other IT systems that did not follow proper
procedures. Give him the report in writing, with suggestions to mediate the
problems, maybe along with a timetable and budget.
If you can't get forward traction going on managing the NW and data, then
you have to decide if you are better off staying under less than optimal
conditions, or looking for something else.
If you create and submit the report, you may get a pleasant surprise, or you
may get a pink slip. But in either case, your CYA position should have been
accomplished.
If this is your first experience with SBS, don't let the All in One nature
of the system scare you. But, be prudent about backups, passwords, Inet
protection, and AV and Anti Spam.
As far as the contractor goes, he is accustomed to having his way with this
network. He may settle down in time, or he may not. It will take a fair
amount of diplomacy on your part to get him to cooperate, but your mindset
should be "How can I win him over", and never, "How can I torque him off so
he leaves".
Lastly, if you have specific questions about SBS 2003, look here:
SBS 2003: microsoft.public.windows.server.sbs
Larry
- Posted by Maxxsir on September 10th, 2007
Thanks for the tips, Larry. I really have encouraged an atmosphere of
cooperation with this guy. I ask his advice and try to work with him on
several fronts. I am hoping he does settle down a bit but in the end I
suppose a decision will have to be made.
I will take your advice and just write a report based on the existing
network setup and take it from there.
--
Maxxsir
- Posted by Cris Hanna [SBS-MVP] on September 10th, 2007
Over the 10 years now I've been contributing to the SBS NGs, this is not the first of these stories.
I'm assuming he knows he's being replaced? If that's the case, things are likely to get worse before they get better. After all you are putting him out of a job he's had for 5 years.
Document, Document, Document.
I would expect to have another meeting with the owner again, if this behaviour continues. You can submit the report, but then follow up with a meeting with the owner in 2 days to discuss options.
What is it, at this point, that you still need the vendor guy there for? I'd learn everything you can learn regarding that, and at the first possible moment, go to the boss and say: you told me I was being hired to replace "John". Well I believe I've learned everything I can learn regarding the systems from John and I think it's time to let him go. Get concurrence, set a date, and watch this guy like a hawk 'cause he's gonna try to sabotage you.

