When Employees Leave the University

Things to do

  • General Information
    • Most account closures are automated based on information from the PeopleSoft Human Resources / Student Administration System.
    • If after reviewing the employee’s accounts, you feel you still need access, contact Human Resources who will coordinate with Information Technology’s Enterprise Security team to discuss methods.  Do not ask for or change the employee’s password; he or she may still need to log into ULink.
    • Ensure your departments Unit Business Manager has HR set the last day worked in the HR system - this will trigger account closures. If this is not done, accounts will remain open until all pay has been given.
  • Review All Computer Accounts
    • Exchange
      • Sit down with your employee and review all email and system functions, including archived email.  The Exchange accounts close on the last day worked that is stored in HR.  The deletion date is set for 30 days.  After 30 days the Exchange accounts, and the email in them, will no longer exist.
        • Retrieve anything for active project(s)
        • decide what needs to be retained
        • decide who should keep the email
        • forward the email to the proper person(s)
        • Service accounts (reassign to someone else, fill out the appropriate form to modify the service account. When the change is made, change the account's password and reset who has proxy access)
        • Resources such as conference rooms owned by the user. (reassign to someone else, change password and reset proxy access)
        • If the employee owns a Listserv - assgin a new owner
        • Distribution lists – Global and Personal
        • Shared folders – Copy anything needed from shared folders as they will delete with the account and cannot be retrieved thereafter
      • Note:  Current students will retain their email accounts – for this reason, be sure and utilize a Service account for departmental matters and not an individual
    • Active Directory
      • Tier I should remove employee from all Active Directory groups that grants access to resources.
    • LAN shared and Home directories
      • Review all of the locations that the user stores data especially any data stored on the LAN shared drives.  Normally these are the "I" and "H" drives.  The LAN accounts close on the last day worked that is stored in HR/SA. The deletion date is set for 15 days.  After 15 days files in the Home directory, the "H" drive, will no longer exist.  If any of the data files are password protected make sure that you know the password.
    • SharePoint
      • Does the employee own a collection?
      • Does the employee own a document?
      • Does the employee control access to a collection?
    • Raven, FINTEST, STUDTEST
      • If other people in the office are going to perform those duties, they must have their own account. The account for the exiting employee will be deleted.
      • Home directory will be deleted. Is anything stored in the home directory?
      • Are any programs running under the employee’s userID?
    • Oracle Accounts
      • Oracle accounts will be deleted.
    • Plone / CMS - web
      • Does the employee maintain your web site?  If so, remove their access and decide on a replacement.
      • Does the user update a web site/s located somewhere else?
  • Additional Action Items
    • Decide if special steps are needed to address special functions that the employee performed. This can happen when an employee is coordinating publications or conferences.  Usually we recommend that a Service account be used for this type of function
    • Verify that the unit still has access to the employee’s PC with an administrator account and password.
      • Change the employee’s PC password or delete the employee’s user account on the PC – also any shared PCs.
      • Instruct the employee not to reformat or remove any data from University owned computing equipment.
      • Disable remote access to the PC and any other devices the employee may have remote access to.
    • Obtain the voice-mail password from the employee and verify that it accesses voice mail properly.  Change the password and the message on the voice mail.
    • Has the employee sponsored anyone’s account?  If so, when renewal comes up those accounts will close unless someone picks up the sponsorship. Secure Access Management can run a report.
    • Collect the employee’s ID card, door keys, office and cabinet keys and remove building access if needed.
    • Collect the university cell phone and discontinue university cell phone access.
    • Collect any equipment that may be at the employee’s home; collect laptops, printers, etc.  This includes any software licensed to the University.
  • If you are unsure whether the employee had any additional accounts (Blackberry, etc.) contact Secure Access Management