Account Disabling Procedure
It is sometimes necessary to disable a user account in Active Directory. This document sets out the procedure.
Who can request that an account be disabled?
- The Secretary's Office.
- The Information Security Manager, or the Director of Information Systems and Computing, (or in their absence, two members of the Emergency Management Team) can request that a user account be disabled if it is believed that an account is being misused, or for violations of the Regulations for the Use of Computers.
- The request should be sent to email@example.com.
Who can authorise that an account be disabled?
- The Information Security Manager, or the Director of Information Systems and Computing, (or in their absence, two members of the Emergency Management Team) can authorise the disabling of the user account.
Account disabling process
- The authoriser issues an instruction to the Help Desk. The authoriser sends a separate message to firstname.lastname@example.org, specifying the username of the account to be disabled.
- The Help Desk logs an urgent action request for PC Systems, subject "account lockout", and specifying the authoriser's name for further information. If the Help Desk is closed, then this step can be bypassed and the call logged retrospectively.
- A member of PC Systems accesses the request and implements the instruction, closes the ITSM request, and sends confirmation to email@example.com, with a copy to the authoriser.
- The authoriser notifies the originator of the request that the account has been disabled.
- Any instruction that did not originate from the Secretary's Office regarding misuse of an account will be reviewed after five working days by the Information Security Manager.
Procedure change history: Created on 22 May 2009. John Richards.