bit of a weird situation and i thought i'd ask for some advice
in our IT dept. on my site there is 2 of us, me and my boss, in london there is the big boss.
we look after 2 networks, one is the main company network if you like, and the other is for the nurses to access clinical stuff
one of the nurses kinda voluteered to help out with the IT and update the clinical software so my boss gave him admin rights to the whole network
im not sure the big boss is aware or not, that a non-it member of staff has admin rights, albeit on a minor network
for the sake of this lets call him IT-nurse, he is not s**t hot on IT but he is ok... he came to my office today and asked questions which suggested to me he didnt know what he was doing, so firstly i was curious to what he was actually doing (he mentioned some kind of scan) but i thought id put a shortcut on his desktop to a program which would help him with his task...
when i was doing this i found a shortcut to a program called cain.exe - if you dont know it google cain and able.exe - it has lifted all the passwords out of active directory (non-it people - all the usernames and passwords basically)
i told my boss about this who has gone on holiday for 2 weeks and he said he will have a word with IT-nurse when he returns
personally i think this is not good enough and that i should tell head office boss about this as he could be lifting these passwords with intent of getting mine/my bosses passwords to use on the main company network
however points to consider are:
does the big boss know IT nurse has admin access - i might be dropping my boss in it?
i've already spoken to my boss and he might think i am snubbing him so to speak by going above him
my boss might want to keep IT nurse around because having him means less work for us but if he is this unreliable then imo he should be fired as this is gross misconduct.
the other option is i know big boss isnt in for 1 week - when he will visit me at my site - i could show him what has happened then but he might say why did you wait a week to tell me?
in our IT dept. on my site there is 2 of us, me and my boss, in london there is the big boss.
we look after 2 networks, one is the main company network if you like, and the other is for the nurses to access clinical stuff
one of the nurses kinda voluteered to help out with the IT and update the clinical software so my boss gave him admin rights to the whole network
im not sure the big boss is aware or not, that a non-it member of staff has admin rights, albeit on a minor network
for the sake of this lets call him IT-nurse, he is not s**t hot on IT but he is ok... he came to my office today and asked questions which suggested to me he didnt know what he was doing, so firstly i was curious to what he was actually doing (he mentioned some kind of scan) but i thought id put a shortcut on his desktop to a program which would help him with his task...
when i was doing this i found a shortcut to a program called cain.exe - if you dont know it google cain and able.exe - it has lifted all the passwords out of active directory (non-it people - all the usernames and passwords basically)
i told my boss about this who has gone on holiday for 2 weeks and he said he will have a word with IT-nurse when he returns
personally i think this is not good enough and that i should tell head office boss about this as he could be lifting these passwords with intent of getting mine/my bosses passwords to use on the main company network
however points to consider are:
does the big boss know IT nurse has admin access - i might be dropping my boss in it?
i've already spoken to my boss and he might think i am snubbing him so to speak by going above him
my boss might want to keep IT nurse around because having him means less work for us but if he is this unreliable then imo he should be fired as this is gross misconduct.
the other option is i know big boss isnt in for 1 week - when he will visit me at my site - i could show him what has happened then but he might say why did you wait a week to tell me?