back to article College fires IT admin, loses access to Google email, successfully sues IT admin for $250,000

Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school. In a lawsuit [PDF] filed against Williams in July, 2016, the school alleges that it asked …

  1. Steve Davies 3 Silver badge

    And using Google is a good thing?

    answers on a pinhead please...

    1. Captain DaFt

      Re: And using Google is a good thing?

      Which pinhead? The fired admin or his boss?

    2. 2460 Something

      Re: And using Google is a good thing?

      Google offers it for free to education establishments.

      1. big_D Silver badge

        Re: And using Google is a good thing?

        What does free have to do with it? If they won't cooperate and return control of the domain back to the "rightful owners" after they have dismissed the administrator, as in this case, then it is irrelevant whether the product is provided "free of charge", if you incur costs through not being able to use the service, then being "free" isn't an argument for selecting the service.

        1. dmwalsh568

          Re: And using Google is a good thing?

          Having just a single Google Superadmin account is plain stupid. Two should be the minimum to avoid the situation where your only admin won't or can't give you the credentials (imagine the admin dies unexpectedly...heart attack, hit by a bus, etc.)

          So yes, free is good and assuming you have semi-competent managers so you have some redundancy then everything is fine. When you have Dilbert-style management and too small of an IT staff, woe be unto the PHB.

        2. ps2os2

          Re: And using Google is a good thing?

          You get what you pay for.

          1. Anonymous Coward
            Anonymous Coward

            Re: And using Google is a good thing?

            "You get what you pay for."

            No way, Google Apps are way better than Microsoft if you have used both suites... and I used to work for Microsoft. The same thing would have happened with O365 at some tiny school if the admin had the account registered in their name with their personal email, etc. Think about it - You're in Google support and some guy from a school you have never heard of calls up and says that some Google Apps account is actually their account/domain... despite, apparently, having no documentation to support it. Google isn't just going to say "well, if you say so, that's good enough for me... here's total access to a whole bunch of peoples' email and files which you don't own."

        3. Anonymous Coward
          Anonymous Coward

          Re: And using Google is a good thing?

          " if you incur costs through not being able to use the service, then being "free" isn't an argument for selecting the service"

          Welcome to the *Cloud* ... where "free" never means Free, and "service" isn't in all of the dictionaries.

    3. NoneSuch Silver badge
      Thumb Down

      I've been in that situation.

      Was laid off from my position with several others for cost-cutting reasons (execs had made some bad business decisions and it bit them in the butt costing a half dozen jobs) Before being walked to the door, I asked the guy replacing me to change all admin passwords and terminate my VPN. He was part-time and found a better gig within a month of me leaving. After he left (went overseas) and before they found a replacement, several servers went down (log files filled up the HD on the DC, they needed constant attention) and I had cops knocking on my door questioning me. I was being accused by execs at my former company (same ones who laid us off) for trashing the servers.

      Luckily, I had the email chain showing I no longer had access and proof all passwords had been changed after I had left. They went away and two days later got a desperate call from my former boss asking me if I wanted to come back and help them recover. Already had a new job offer several hours away and said no. I heard it took them two weeks to get server access after engaging a consultant. It was another week until they had everything back up. The new passwords had never been documented, my replacement never responded to email and I heard from friends at the company that I was still being blamed for the incident by the execs.

      1. Terrance Brennan

        Re: I've been in that situation.

        Typical incompetent management looking to blame someone else for their own stupidity. Maybe he did intentionally "lose" the password, I don't know. However, he should not have been in a position to do so.

      2. Anonymous Coward
        Anonymous Coward

        Re: I've been in that situation.

        I heard from friends at the company that I was still being blamed for the incident by the execs.

        Get that somehow in writing - defamation is even in the US worth some money and if their actions are as you described I would entertain the notion of making it hurt. Any future employer who comes across this would reconsider taking you on otherwise.

      3. BillDarblay

        Re: I've been in that situation.

        The world of work belongs to the sociopaths and psychopaths my friend.

      4. Anonymous Coward
        Anonymous Coward

        Re: I've been in that situation.

        > The new passwords had never been documented

        Just to say, in my experience (well-known multinational) passwords are never documented. Even saying a password out loud was a breach of security, let alone writing one down. Anyway, except for one or perhaps two specific and local systems, passwords were not the basis of our security system--access was granted or denied to different parts of the infrastructure based on one's LDAP's roles. So basically, we had to log into LDAP with our own passwords (and two-factor authentication when nobody else had heard of it yet) and things would be taken from there.

        When I left, my LDAP access was cancelled within minutes of my exit interview and all my roles re-assigned as needed. It was very impressive indeed.

        1. Dan White

          Re: I've been in that situation.

          An admin friend of mine once described the process for getting rid of nice techies in his old firm:

          1. Take Unsuspecting Victim out for expensive farewell lunch and drinks.

          2. Admin disables UV's remote access.

          3. Announce during lunch that this is UVs farewell lunch.

          4. Admin disables UV's Mobile phone account.

          5. Admin trawls UV's logs to check for other accounts created by UV, nukes them.

          6. Admin bins UVs user account, revokes Access card and ID.

          7. Box up UV's possessions, place in lobby with security.

          8. Place generous severance cheque in box.

          9. UV returns, collects box, never seen again.

          For techies that you *didn't* like, remove the words "expensive" from step 1, and, "generous" from step 8.

          For techies that f**ked up, remove steps 1, 3 and 8 entirely, and carry out procedure after they leave work and what was then their last day...

          1. Ian 55

            Re: I've been in that situation.

            'The process for getting rid of nice techies in his old firm:'

            If this is in the UK, given the complete lack of following any legal process, I'd expect the cheque to be extremely generous. Especially if you didn't like them.

          2. RealBigAl

            Re: I've been in that situation.

            Thank god I've never worked in a country where this sort of behaviour is seen as either legal or acceptable. That's horrendous.

      5. big_D Silver badge

        @NoneSuch Re: I've been in that situation.

        I was laid off as well, and the first thing I did was make a list of all of the corporate accounts I had access to and gave them to one of the directors, with the comment that all these account passwords should be changed, and that I had no copies of the passwords on my systems. I then got him to sign a copy for my records.

    4. Anonymous Coward
      Anonymous Coward

      Re: And using Google is a good thing?

      This seems to be a super weird situation. He must have had all of the accounts in his name or something and owned the school's domain himself. It is also odd that the school had one IT admin with no back ups or records, but maybe it is a small school.

      You can't put this one on Google. Damn near every school and university in the US uses Google Apps without incident... a ton of large businesses too. The US Federal Government is now on Google Apps for email, productivity, etc. There are literally into the millions of organizations using Google Apps, including mine. Google is way better than MSFT's 90sware. I'm never going back.

  2. Notas Badoff
    Joke

    This divorce is a complete shock - they seemed so *right* for each other!

  3. disgruntled yank

    Protocol

    "By setting up the administrator account under a non-ACE work email address, Mr Williams violated ACE's standard protocol with respect to administrator accounts."

    I interpret this as "He could do that? I didn't know he could do that!". As the previous poster noted, ACE does not sound like the best organization to deal with, either as student or as employee.

    1. phuzz Silver badge

      Re: Protocol

      Using your personal email address for registering things for work is an odd choice (for an employee, less so for a contractor/freelancer). Having a policy that says "admin accounts should be registered to company emails, not personal" sounds sensible to me. What if he'd been run over by a bus, how would they administer the system then?

      1. Anonymous Coward
        Anonymous Coward

        Re: Protocol

        When registering for anything I try to use a specific alias like current-it-guy@company.com so that the next IT guy does not have to use my name for anything, just inherits the alias. Not sure how that works with Gmail but it's good (IMHO) to disconnect administrative contacts from any single named employee, including myself.

        I might go bad one day, rooarr.

      2. Aqua Marina

        Re: Protocol

        I thought this was normal for Gmail email accounts.

        I have a company gmail account for mydomain.com. When setting up the account I had to use another address (not mydomain.com) for the administrative user account. Google would not accept a mydomain email address as the administrative user, probably because at that point I wouldn't be able to receive the confirmation emails from google during the update of the MX records. Even now, I have to have a non mydomain.com email address as a registered contact on the account in the event that mydomain.com is down, and google need to contact me by other means. With access to this email address I have administrative access and ownership of the company gmail. I can and have set up additional administrative users that do have mydomain.com addresses, but you must have one account that isn't on the same domain.

        1. Adam 52 Silver badge

          Re: Protocol

          He was setting up the work email service... of course he had to use a non-work email address because the work one didn't exist at the time.

          All hangs on how personal this personal email really was - was it personal as in "I used the account my mum uses" or "I created a hot mail account" to use to sign up.

          1. BinkyTheMagicPaperclip Silver badge

            Re: Protocol

            Yes, but what you do is use another gmail address specifically for that purpose, and document its username/password for work.. You do not use your own e-mail address.

      3. anothercynic Silver badge

        Re: Protocol

        It does not have to be a personal email address. What it *does* need to be is an address that is *not* connected to the domain you are managing through Google. If it is an email address that is managed by *another* domain on Google, that's fine, because *that* domain will also have an account elsewhere.

        It's all about ensuring that when Google dies for some reason, the person(s) designated as admin for the domain can move things.

      4. Neill Mitchell

        Re: Protocol

        What if he'd been run over by a Google self drive car?

      5. Anonymous Coward
        Anonymous Coward

        Re: Protocol

        "Using your personal email address for registering things for work is an odd choice (for an employee, less so for a contractor/freelancer)."

        It seems like this was not exactly a professional operation.

    2. ps2os2

      Re: Protocol

      Remember this is Indiana and the former governor will be the next VP. Close the hatches and give up all hope.

    3. Anonymous Coward
      Anonymous Coward

      Re: Protocol

      Yup. You better register your admin account under the school's domain so it can be easily recovered and used when ... uh ... the school's servers go down. Kind of like putting your file backups on the same disk as the files you're backing up.

      1. Anonymous Coward
        Anonymous Coward

        Re: Protocol

        Yeah, put Google will set you up with a test domain if your company doesn't already own more than one domain. You don't need to use your personal account.... I mean PwC and Roche Group use Google Apps. They are not putting their 240,000 users under the control of one admin's personal account. It doesn't need to be set up this way.

        1. Anonymous Coward
          Anonymous Coward

          Re: Protocol

          I mean PwC and Roche Group use Google Apps

          Interesting - if they're doing this in Europe they may have a problem..

  4. Anonymous Coward
    Anonymous Coward

    Sounds like

    Everyone involved here is a bit of a tosser.

    The school treated this bloke like shit, but the bloke screwed himself by trying to be a pain.

    If what the guy says is true, then I feel sorry for him that respect but handing back the laptop in a messed up state is just plain wrong. If you're intent on winning a case against a large organisation you have to maintain the high ground. Otherwise they will drag you through court until you're skint and can't possibly win.

    If you have a strong case you'll always find a lawyer that will represent you for free as they will push for the losers to pay the costs.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sounds like

      Last thing anyone in the desktop team here does before they leave is kick off a rebuild on their machines. If the company needed continuation of specific data then it should not rely on a single piece of endpoint hardware. What if the laptop had been lost, stolen or dropped instead?

      1. Anonymous Coward
        Anonymous Coward

        Re: Sounds like

        When I worked for one company (about 20 years ago) on a temporary contract I discovered that to be able to perform my role I had to have access to Server X. I only used one program (DOS based) which required the use of Server X but that was vital to the role. The program it was explained to me had a security system on it to prevent unauthorised use of the software and the data. You needed to have a login and password naturally but also a licensed copy of the software I was told, and was duly provided with. There were levels of permissions that your login would allow depending on what sort of user you were and I was a temp so had a low level access. All of this was company proprietary data about their brands and as such it was something they were a bit cautious about. My login could run reports etc. but was 'non destructive', so I couldn't change or delete any of the data for example. Also couldn't run a report just dumping everything out in plain text or CSV format I could only produce certain subsets at a time but could do so to a CSV file. The software also logged reports that were generated so audits could be done.

        I couldn't believe it when I discovered that the databases stored on Server X weren't very big and easily small enough to be burnt onto CDR. I then found that the software wasn't what was required licensing every 90 days but the databases themselves. All the permissions were stored in the local copy of the program and referenced in the database too. So you could in theory take a copy of the newly licensed databases and the software on CDR and no one would know. You could then go home and if you had any sort of login and password you'd have access to the company data for 90 days. Terminated employment obviously wouldn't have any effect because by that time you'd already have the data, a login they couldn't cancel and had 90 days (which may have been extendable by changing the system clock giving you infinitely longer) to use it. So with a bit of work even with the lowest level access on your stolen copy you could have recreated the entire database in another program by just doing different reports.

        I made a point of mentioning this by email to my boss and they took my comments oh so seriously. They said "Don't worry about it that wouldn't work" and then days later were promoted. So on my last day I burnt a copy of one of the databases and software (just copied the program folder from my machine) and went to see the head of the IT department in their office for my exit interview. I had asked for my boss to come along (there was a bloke from HR too) and said that I wanted to show a proof of concept of something I'd been working on. I demonstrated that on a clean company laptop I could access everything on that copied database with no network connection and a login/password combo that was resident on the disc and they couldn't cancel. Boss sat there open mouthed as I showed this off and I then said I'd raised my concerns before but think I didn't explain it clearly enough to be understood.

        I said I'd had no problems with my employment, liked the company and was sad that there wasn't a permanent job available at that time. I explained that I was so concerned about what someone with malicious intent could do that I thought I'd better mention it again and a bit clearer this time. I was thanked for informing them that their systems had a 'small flaw' and that they'd contact the software supplier ASAP to get an explanation/patch.

        About a year later I was talking to an old work mate and I discovered that they had had an employee who was retiring and had a grudge against the CEO. This person having retired had overheard some marketing idiot talking about a forthcoming brand launch in the company local. Being an enterprising sod he'd then bought the .com variations of all the potential brand names that they'd heard were on the shortlist. The company accused the now ex-employee of logging into the company computers and stealing the names. It didn't go down to well to be told (with a lawyer for either side present) that he'd overheard them being talked about in the pub. He named the person concerned, the date and time the incident occurred and said he'd sue for slander if he was accused again of still having access to any company login and password.

        Apparently they agreed to pay a 'small fee' for each domain he released back to them. Nice retirement present. Never did find out what the beef he had with the CEO was though.

    2. dmwalsh568

      Re: Sounds like

      I wouldn't assume that he sent back a wiped laptop, given normal IT practices I'd suspect that as soon as the laptop was returned that some low-level drone did the standard wipe so the laptop could be handed out to someone else for use.

      Maybe he did it on purpose, but I'm willing to accept that the school did it to themselves...

    3. Eddy Ito

      Re: Sounds like

      If you have a strong case you'll always find a lawyer that will represent you for free as they will push for the losers to pay the costs.

      Under US law each party pays their own expenses. States are allowed to codify loser pays into law but I don't know which, if any, actually do. One could include the request as part of the suit / counter suit but it doesn't seem common. There's a longer explanation at nolo.

      1. kain preacher

        Re: Sounds like

        In all states you have to sue for lawyer cost. Just for giggles you can look up on you tube were bank of America lost and refused to pay the legal cost. The lawyer showed up with a U haul and the police. Ther bank had a check in 30 minutes.

    4. Terrance Brennan

      Re: Sounds like

      Another problem only briefly mentioned in the article is that he lives in Chicago, Illinois but the school sued in state court in Indianapolis, Indiana, more than 180 miles from where he lives. About the same as living in London and having to defend a lawsuit in Leeds. This is a common tactic of companies to sue in their home state hoping the defendant either won't be able to or simply can't defend themselves in a distant court. I worked in Colorado for a company headquartered in Minnesota. when I was laid off they tried to condition my severance on agreeing that any dispute would have to be heard in a Minnesota court. Unfortunately for those assholes, my wife worked in HR and knew that Colorado employment law gave me the right to access Colorado courts if I was physically employed in the state. I'm sure the company's lawyers knew that as well, but figured I wouldn't.

    5. ecofeco Silver badge

      Re: Sounds like

      No just the school. They should have never fired the guy without first securing the keys. They are trying to conflate one incident with another so that people like you have some empathy for them, when it was most likely THEY who trashed the PC with all the tech notes, and did not verify and secure that they had all the passwords before firing and very damn likely they did racially discriminate

      The lone admin owes them nothing.

      But we'll just have to wait and see.

  5. Paranoid android

    I don't think it's a good idea to hold your previous employer ransom for access to their IT infrastructure. The employers look like they're a bunch of racist twats, but that's no reason to stoop to their level.

    1. TRT Silver badge

      ...bunch of racist twats...

      there's only one thing I hate more than Illinois nazis....

    2. ecofeco Silver badge

      But is he? The more I see this story, the more it looks like the school's fault all the way around.

      You fire me and then want something from me and I haven't broken any laws, you ARE going to pay out the ass or fuck off.

      1. Paranoid android

        Rereading the article a day later, I think you may be right.

  6. Stevie

    Bah!

    Seems like we aren't getting all the story from either side to me.

    Also seems like there is a problem if everyone in the email chain is named Richard.

    1. Richard 12 Silver badge

      Re: Bah!

      Just start using numbers, then it's easy.

      1. Rich 11
        Go

        Re: Bah!

        Just start using numbers, then it's easy.

        I disagree.

        1. TRT Silver badge

          Re: Bah!

          1 2345 67 890123455.

          The post is required, and must contain letters.

  7. Ragequit
    FAIL

    /facepalm

    I seriously doubt they had such a policy before this incident. They probably cooked it up or pointed at some vague clause somewhere in their employee policies. This is why admins aren't only walked out of the building (a little hard when they work from home), you sit them down and delegate their work on anything critical to other employees before you terminate them. Though having multiple accounts and a periodic review of these things is best. It's also nicer when access is regulated by certificates that can be revoked...

    As far as being racists? Who knows. Neither party seems like the brightest bulbs.

    1. Tom 7

      Re: /facepalm

      "you sit them down and delegate their work on anything critical to other employees before you terminate them." PMSL!

      That would require someone in HR who has event the faintest idea about how to do more than turn on the PC and ring the support desk, or more amusingly paying someone for about 3 years after you've fired them.

      I like to get everything to do with my work anywhere documented but never has any company ever wanted to pay for 1% of what was necessary.

    2. Anonymous Coward
      Anonymous Coward

      Re: /facepalm

      I doubt this school had any IT policies whatsoever before this incident. Seems like they had one computer guy who did whatever he wanted.

  8. casaloco

    Well of course...

    Well of course he had a non-work account setup as the administrator account. If something went wrong with the system, if all the logins were bound to his work google account, he wouldn't be able to get it to resolve it. For example if one of the muppets in finance did what they usually do and delayed paying an invoice for 8 weeks, and the email accounts got locked out for non-payment, he'd have no way to check the emails (or even communicate with google) to address the problem.

    1. Been there, done that, it never ends

      Re: Well of course...

      This was my first thought also. You don't put all your eggs in one basket.

      1. theModge

        Re: Well of course...

        You don't put all your eggs in one basket.

        You do not. But I've always set up new email accounts just for the job, rather than use a personal one. All very small business of course: I've no doubt big corporates have a better way round this nonsense.

        1. Rich 11

          Re: Well of course...

          ACE has a reason for describing it as a personal account, one which I'm sure a lawyer would enjoy picking apart.

        2. Robert Helpmann??
          Childcatcher

          Re: Well of course...

          First admin job I had I got because they fired all the other folks. The school I was working for at the time as a temp had half its budget slashed and they wanted to get through with just the bare minimum which is all they could afford. I was lucky in that my boss was kept on long enough to train me a bit and to give him a chance to find another job, but I wouldn't be surprised to find out this sort of scenario plays out a lot. Schools tend to be underfunded and to pay their staff less than the going rate. Their management tends to be not very technologically literate even for institutes that have IT curricula. The combination breeds situations of this nature.

          1. ecofeco Silver badge

            Re: Well of course...

            ...but I wouldn't be surprised to find out this sort of scenario plays out a lot.

            It does. I've been through several mergers and vendors changes and if the companies don't do what is required to secure access and keys to the kingdom, they are fucked. This includes a budget for the knowledge and number of employees required.

  9. JLV
    Facepalm

    Google-generated storm in teacup

    Why doesn't Google just restore access to representatives of the organization paying the bills? I presume it wasn't the admin's CC that was being debited.

    Sure, that plays havoc with automating everything, and it would require some thorough identity checks to prevent phishing. Perhaps, gasp, human to human interaction. But, geez, isn't that what happens everywhere else in these cases?

    1. Lee D Silver badge

      Re: Google-generated storm in teacup

      Google Apps (now GSuite) is free for educational users.

      That said, it's relatively easy to speak to someone there, re-confirm the domain ownership, and regain control.

      A saved password wouldn't have worked for them anyway, most likely. 2FA on everything is quite sensible and such things expire quickly for something as powerful as Google Apps.

      I bet one phone call to Google by a tech that knew what DNS was would have resolved the situation immediately.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Google-generated storm in teacup

        "That said, it's relatively easy to speak to someone there, re-confirm the domain ownership, and regain control."

        That is what I was thinking. These people must have not known how to use Google support or something. If you provide proof of domain ownership, show that you are paying the bills, something like that, I have to think Google is going to release the account. Also, how could people not access email? It should have all still been working just fine for existing users.

    2. ecofeco Silver badge

      Re: Google-generated storm in teacup

      Why doesn't Google just restore access to representatives of the organization paying the bills?

      Because manglement is too stupid to know this, let alone do it.

      Everyone outside of IT really does think computers are magic and anyone can do it. Yes, they really do suffer from severe cognitive dissonance. And everyone IN, IT also thinks just anyone can do it.

  10. Fan of Mr. Obvious
    Facepalm

    What ever happened to exit interviews?

    Blame the IT admin, the failed initial setup, whatever you wish. This could have/should have been avoided in with an exit interview that listed every account he had/had access to.

    Q) Who now has controlling access for the Gmail account?

    A) It is my personal account, so I do

    I am still amazed that with all the cloud, SaaS, IaaS, etc., BS happening that companies still can't figure out how to track this stuff. Maybe someone needs to set up a hosted instance and sell services?

    1. John Gamble
      Boffin

      Re: What ever happened to exit interviews?

      You have exit interviews with fired employees?

      I've only known exit interviews to happen when the employee's leaving isn't contentious.

      Hmm, student population is barely over 3,000 (no undergrads), so the IT department probably isn't much bigger than found in some small businesses. I doubt anyone else had the keys to the castle right when the administration needed them.

    2. Anonymous Coward
      Anonymous Coward

      Re: What ever happened to exit interviews?

      Exit interview with someone being constructively dismissed? Good luck with that.

    3. Terrance Brennan

      Re: What ever happened to exit interviews?

      I have a personal policy to refuse exit interviews. If the idiots don't know what I'm doing while I work there they deserve pain and suffering after I leave.

    4. ecofeco Silver badge

      Re: What ever happened to exit interviews?

      Companies do know how to track this stuff. They rely on the IT department for this function. But when you fire everyone in your IT department, well.....

      Much derp ensues...

  11. Tezfair

    hand over?

    When I lose a client I always ensure there is a documented handover because more often than not someone in the future might want me working for 'them' at a different company (has happened a few times), however interestingly a client that was brought out in Dec, their own IT team never at any time got in touch with me. So as far as I am concerned any future involvement is now billable. Otherwise god help them when their domain or email server throws a wobbly.

  12. Anonymous Coward
    WTF?

    Chicken & egg?

    Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school.

    So if I understand the process right: Google needs an admin contact email address before you can create a work email service; but the college are saying he should have used one of the not yet created work email addresses?

    1. The First Dave

      Re: Chicken & egg?

      Yes, that really is what they are saying, but a half-way competent admin would have taken the extra five minutes (if he hadn't already) to set up a throw-away account (preferably NOT with Google) purely for this sort of thing, precisely so that it wasn't entangled either with his own shit, or with the main email/network provider.

  13. Anonymous Coward
    Anonymous Coward

    Lax Procedures

    Having just left a job, they haven't revoked my email account and I strongly suspect that if I tried the VPN access or some of the cloud-based stuff it would still work. Probably can't get to my old work PC though, I shut that down before I left.

    Some places really don't have a clue when it comes to proper IT policies. I should have been locked out of everything on the network no later than midnight that evening, and probably no later than the time I walked out the door after my "goodbye everyone" email.

    1. wyatt

      Re: Lax Procedures

      My brother left a big central university where he was rolling out a cashless payment system, after 4 years they still haven't locked out or deleted his accounts and he remotes in every so often to see how things are going.

      1. LionelB Silver badge
        Stop

        Re: Lax Procedures

        @Wyatt

        I think your brother needs to be very, very careful...

      2. 2460 Something

        Re: Lax Procedures

        he remotes in every so often to see how things are going.

        You/'Your Brother' need to stay away from that one. Not worth the possible prison time if someone notices and they decide to go after him on unlawful access.

        1. Boothy

          Re: Lax Procedures

          Not just unlawful access.

          If something went wrong on the system, even if completely unrelated to your brother, and the investigation then showed unauthorised access around the same time, they could well assume he was involved and call the authorities.

          Even if not guilty, just having the police requesting you come in to help with their enquiries doesn't look good to other people.

        2. wyatt

          Re: Lax Procedures

          I don't think he has considered the downsides of being able to access what he still can. He should know better..

    2. Anonymous IV

      Re: Lax Procedures

      > Some places really don't have a clue when it comes to proper IT policies. I should have been locked out of everything on the network no later than midnight that evening, and probably no later than the time I walked out the door after my "goodbye everyone" email.

      And you are saying that in this circumstance, with known policies in place, a wicked system administrator would have not taken nefarious actions before being shown the door?

    3. Anonymous Coward
      Anonymous Coward

      Re: Lax Procedures

      I see your 'lax procedures' and raise you.

      5 Jan was my last day at <name redacted>, a, ahem, 'major career college'. I still have the master key which opens every door to every room in the building except the front door. I still have the key which opens the little carts holding the laptops. I still have the key which opens the IT storage closets, and the other key which opens the main fire-resistant filing cabinets. And I still have my ID card, complete with mag strip, which does not expire until 31 Dec 2018. My email still works. Haven't tried the VPN, and probably won't. As the reason why 5 Jan was the last day is that corporate was shutting down that particular location, I'm pretty sure that the filing cabinets and the laptop carts will be going elsewhere, and where-ever they go the guys there won't have the least clue how many keys are supposed to go with them. I'm also sure that the IT closets will be emptied and the doors will be changed, so those keys won't matter. The email and the VPN, now.... No comment.

  14. Ian Michael Gumby

    Article Headline a bit misleading...

    They admin lost the case by default because he failed to show up to trial.

    Its a default judgement which means the school can make his life hell going forward.

    The guy shot himself in the foot. (IMHO) He should have helped them in good faith and then continued with his discrimination lawsuit.

    That would have worked in his favor. Instead the tactic he chose to use was in fact blackmail.

    Or rather could be seen negatively by the courts and described as blackmail.

    1. ecofeco Silver badge

      Re: Article Headline a bit misleading...

      Why should he have helped them in good faith? They fired him. Fuck them.

      He sent back the laptop. They failed to secure and verify they still had access before they fired him. They have a racial discrimination lawsuit against them. They are deliberately trying to conflate the two things to gain sympathy from suckers like you.

    2. usbac Silver badge

      Re: Article Headline a bit misleading...

      My grandfather was a lawyer, and he told me several times that default judgements are usually easy to get set aside. Any decent lawyer will do this. Especially if the case was tried out of the defendant's area.

      In the US, plaintiffs usually have to file the case in the defendant's jurisdiction. In this case, there may have been a clause in the employment agreement between the admin and the school that allowed them to sue in the school's jurisdiction. These kinds of clauses can also be ruled invalid (state employment law may have rules that override this).

      I've won default judgements, and never was able to collect. No one wants to enforce them. Try to get the police to enforce a default judgement.

  15. Anonymous South African Coward Bronze badge

    When I resigned, on the last day my manager sat with me and we went through all the logins.

    He changed the passwords afterwards, and terminated my VPN access.

    1. Rich 11

      So you're pretty certain you can get back in with 'abc123'?

  16. Hans 1
    WTF?

    Triano Williams goes to court

    Triano Williams was fired, fair enough, happens, but why did he act as he did ? He could have simply done the right thing, move admin access to another staffer and find another job.

    How on earth is Triano Williams gonna find another job in IT ? I am a lefty and "usually" side with the employee, but here, he has successfully killed his career in IT.

    Well done, mate!

    Of course, Cloud email, WTF ??? but ok, probably not his call ...

    1. Anonymous Coward
      Anonymous Coward

      Re: Triano Williams goes to court

      It's unlikely he's destroyed his career, people make mistakes and to be fair he's unlikely ever to make another like this. From his actions it sounds as if he's fairly young too.

      Doubt he'll get a good reference though!

      1. Anonymous Coward
        Anonymous Coward

        Re: Triano Williams goes to court

        He *has* killed his prospects for a career in IT, at least in the near future. Most folks look up a name on Google when getting a resume, and I for one would hesitate to give this guy an inteview after googling his name.

        1. Terrance Brennan

          Re: Triano Williams goes to court

          So, whether or not he actually did anything wrong his IT career is dead? Sounds like an opportunity for blackmail on the part of the employer, bend over and take it or we make you unemployable.

    2. foo_bar_baz
      Alert

      Re: Triano Williams goes to court

      I'm intrigued by the cloud email comment. In my experience many IT houses - even ones with thousands of employees, that ironically enough also might provide Exchange to clients - use cloud email from Microsoft and Google.

      I use gmail as my personal mail but am considering going back to self hosted. More due to political-social principles than security, features or cost.

    3. ecofeco Silver badge

      Re: Triano Williams goes to court

      Didn't read the article did you? There was NO other staffer. It was just him running the whole thing.

      He sent the laptop back with the tech notes. The school failed to verify they had access and didn't know until a MONTH after he left. Why? Because there was NO one else in the IT department.

      If he can show "the paper trail" then fuck the school.

  17. really nope

    Poor management credit a problem , blame the person being managed , simple really.

  18. stu 4

    "African American"

    Christ El Reg - do we have to use the same racist bullshit nonsense language of americans here.

    the man is BLACK - the pretty much international recognised term.

    African American. Italian American, Irish American - its utter jingoistic bullshit and imho only adds to the racist issues this country seems to continually struggle with.

    1. IsJustabloke
      Thumb Up

      Re: "African American"

      "African American. Italian American, Irish American - its utter jingoistic bullshit and imho only adds to the racist issues this country seems to continually struggle with."

      I agree 100% I've often said that if they spent more time being "Americans" rather than [race] American. The language itself serves to segregate.

      Sadly, it seems to be creeping into the language here in the UK. :(

      1. Joe Harrison

        Re: "African American"

        I have been caught by this when I worked in the US. A colleague sounded to me just like the other Americans but proudly told me she was Polish. I complimented her excellent English and asked how long she had been in the USA. Cue stunned confusion - she was born in New York but third generation people still adopt the nationality of their grandparents.

        1. IsJustabloke

          Re: "African American"

          "he was born in New York but third generation people still adopt the nationality of their grandparents"

          yep... there's nothing or nobody as Irish as a 3rd generation Irish american ( you can substitute any original nationality you like for Irish)

          I find it crazy.. I have an Italian heritage but I don't run around calling myself Italian British... I run around calling myself English because that's what I am!

          Celebrate your heritage by all means (I do!) but celebrate the land of your birth/nationality first.

          1. TRT Silver badge

            Re: "African American"

            I'm an utter mongrel. It can help if you include that as an answer to "Racial grouping" on a form for security clearance. Nationality is clear enough, it says it on my passport.

      2. Darth.0

        Re: "African American"

        Never quite understood why your ethnic heritage is considered a race; as I see it, we all belong to the same one, the human race.

    2. usbac Silver badge

      Re: "African American"

      I used to work with a very intelligent young IT guy. He was about 20-21. He had just moved to the US from South Africa. He was about as pale-while as you can get.

      When he started applying for financial aid to go to college, he noted his race on the financial aid form as "African-American"*. Later, when he was interviewed, they said "you are not African-American, you are white". They even went so far as to try to prosecute him for falsifying documents.

      My lawyer grandfather got involved. He really hated all of this politically-correct bullshit, and told the school that he would love to try this case in court. He said he would like to see them prove that he isn't African-American. He wanted to get it into the local newspaper. Sadly, they just wanted to brush it under the rug.

      * You see, in the US, if you belong to certain race groups, you get preferential treatment for financial aid for college. Apparently, racism and discrimination is okay as long as it goes along with the politically correct agenda.

      1. Anonymous Coward
        Anonymous Coward

        Re: "African American"

        I have often wondered if there is an actual defninition of African American. It just seems to be a total nonsense term to me.

        Is it if you have any African ancestry? In which case, every American is an African American.

        Do you have to have African ancestry in the previous X generations? If so, then do your progeny stop being African American at some point?

        Is it to do with skin colour? If so, is there are shade chart which shows the cutoff? What if you are an albino?

        Can't we all just be "people".

        (Full disclosure, I am English of white European descent, with an English wife of black Jamaican descent and 2 gorgeous kids with a nice mix of both of us).

  19. Steve B

    It is not so much the companies as the idiot management.

    Our owner closed the offices and transferred everything back to his old company. I did many proper handovers with everything well scheduled, but at the end they decided they knew better and came to visit me for a recap. As I said goodbye, see you next week, the chap, very embarrassed, stated that he was there to lock me out of the building as the managemnt had decided I was being terminated early. Fair enough, but a couple of weeks later when they had parcelled everything up and moved it, they could not figure out how it went together and which PC was which for development, production databases etc. I was offered minimum wage and petrol money to commute 100 miles each way for a week to sort it out for them. I told them the password - which they already knew- and left it at that.

    1. kmac499

      Re: It is not so much the companies as the idiot management.

      Karma Sweet Karma, It always gives you a nice warm feeling when you've done everything fairly and honourably.

      In a multi PC setup I do something as simple as tiling the PCs name and function on the wallpaper and screensaver. Really useful when you've got several crates linked to one terminal via a KVM switch.

    2. ecofeco Silver badge

      Re: It is not so much the companies as the idiot management.

      Exactly. They fired this guy without first securing and verifying their access. Fuck them.

      Negligence on their part is not malice on his part.

      1. Pirate Dave Silver badge
        Pirate

        Re: It is not so much the companies as the idiot management.

        @ecofeco - sorry I can only give you one upvote. In spirit, you have my entire quota of upvotes for the day.

        If you're going to fire the one guy who knows how to use the IT magic wand, then you'd damned sure better have another Wizard with all the passwords waiting in the wings before you call him into your office. Because once you say "You're fired", his only required response after that is "Fuck you!". If you think you can live without his contributions going forward, then you have to live without his contributions going forward. Simples, no?

  20. Anonymous Coward
    Anonymous Coward

    The core reason this happened.

    The school filled a quota for diversity and didn't care for the training of the applicant. All they had to do was spell, "Computer" and they were hired. The article describes most colleges and universities in the US. Screw training and experience, hire them on diversity. This should be the poster child of what not to do when hiring IT. Adding the admin account to his personal account? That's not Rookie, that is untrained, unskilled, and stupid. The school that taught him, (If they did) should be ashamed. Sadly this is a growing trend. Screw skill let's hire them because they are a woman, not white, and/or something that will make the school stand out above all the rest. This is not a bigoted response, this is a tried and true experience speaking. This is what happens when you try and advertise your college or university, "Is with the times" without following proper selection process. Oh wait, HR and the IT Dept head were probably hired the same way.

  21. Korev Silver badge
    Childcatcher

    One and a half pages of comments and nothing about this chap being a real life BOFH!

    Won't someone think of the children?

  22. GrapeBunch

    Indiana Wants Me

    https://www.youtube.com/watch?v=lDppeMt0FeQ

    a pop song from 1970.

    I'd speculate there's jurisdictional rasslin going on. I'd guess that to enforce $ the Indiana judgment, the college will have to go to an Illinois court. And that Triano is saving his best efforts for that encounter. IANAL.

    In Canada, there is a government policy, called "Multiculturalism" under which you celebrate your ethnic heritage. Or, frankly, anybody's ethnic heritage. There's a lot of pale-skinned people who get very happy on the weekend of the Jamaican celebration, for example. I think it has a deeper educational purpose, to help people realize that "united we stand", as opposed to the individualistic model where individual rights are protected only by heavily-armed individuals. By the same token, people in each country are going to call themselves whatever they want, so let's celebrate that, too. Each labeling anomaly, if you like, is conditioned by events that outsiders rarely fully appreciate. Educate yourselves, if you wish, but afterwards you may say "I'd rather not have known that."

    My grandmother telegrammed my father: "You're not marrying a [racial or religious affiliation omitted] are you?" but later grandmother and mother got along "like a house on fire" (that's a Good Thing). The divisions and hierarchies that our ancestors found central, hardly matter anymore. And that's also a Good Thing.

    Instead of "utter mongrel", I prefer "hybrid vigour". Unlike the royal houses of Europe, eh?

  23. DrXym

    Extortion

    The guy's mistake was to demand $200,000 opening himself up to charges of extortion. He should have just point blank refused to cooperate. It's not his problem they're locked out. They fired him, they can deal with the aftermath.

    As for questioning people using Gmail. Gmail for business is quite good which is why lots of companies use it. It's certainly not suitable for every place, but it beats having to run, administer and backup email servers for small businesses or those without the resources for a full IT department.

  24. BuckeyeB

    It's always about race

    It's never about competence.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like