User De-Provisioning

What Does User De-Provisioning Mean?

User de-provisioning is the process of removing access of an
individual user to an organization’s resources. This can include removing user
accounts on individual machines or servers, or from authentication servers like
Active Directory. It can also include removing a user’s machine entirely.
De-provisioning is usually done when a user leaves an organization.


Techopedia Explains User De-Provisioning

User de-provisioning removes a user account’s access to some computing resources. The reasons for this might be a user leaving an organization, such as a student graduating from a university or an employee leaving a company. This can range from removing accounts on file servers to taking away machines issued by a company, as in the case of company-owned laptops.

Proper user de-provisioning is an important security practice. Not removing user accounts promptly when a user leaves could leave important resources exposed to malicious users, whether a hacker or a fired employee who wants to get revenge against a former employer by deleting or stealing important information. Microsoft’s Active Directory and similar tools have the ability to automatically expire accounts, which can be useful for companies employing short-term contract workers. There are other third-party programs that can audit Active Directory to monitor changes and roll them back if necessary.


Related Terms

Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.