User Termination Best Practices

We never share your data. Privacy Policy

Ensuring that each departing employee retains no access to your IT infrastructure is critical to protecting your systems and data — but there are more steps than you might think.

How to off-board an employee for good

  • Disable the departing employee’s account in Active Directory immediately; after 30 days, remove it.
  • Disable the user’s email login; forward email to the user’s manager for as long as needed.
  • Terminate VPN and Remote Desktop access.
  • Terminate access to remote web tools (web apps, Office 365, e-mail, etc.).
  • Terminate access to voicemail. Forward phone and voicemail to the user’s manager, and delete them at the manager’s convenience.
  • Disable access to business applications such as SAP.
  • Change all shared account passwords that the departing user knows.
  • Move the user’s personal share data and email archive to the manager’s account; delete them at the manager’s convenience.
  • Reset the “FAX/SCAN to e-mail” setting on multi-function printers.
  • Remove the user from email group lists, distribution lists, internal phone lists and websites.
  • Connect to the user’s workstation and shut it down.
  • Retrieve or disable all company-owned physical assets (computer, laptop, phones, tablet, etc.) assigned to the user, and update the IT inventory.
  • Copy all needed local data from employee’s computer to manager’s one.
  • Change any access codes the user knows, such as PINs for accessing secured rooms.
  • Remove any personal belongings from the user’s work area.
  • Inform company staff that the user is no longer employed there.