Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
User de-provisioning is the process of removing access of an individual user to an organization’s resources. This can include removing user accounts on individual machines or servers, or from authentication servers like Active Directory. It can also include removing a user’s machine entirely. De-provisioning is usually done when a user leaves an organization.
User de-provisioning removes a user account’s access to some computing resources. The reasons for this might be a user leaving an organization, such as a student graduating from a university or an employee leaving a company. This can range from removing accounts on file servers to taking away machines issued by a company, as in the case of company-owned laptops.
Proper user de-provisioning is an important security practice. Not removing user accounts promptly when a user leaves could leave important resources exposed to malicious users, whether a hacker or a fired employee who wants to get revenge against a former employer by deleting or stealing important information. Microsoft’s Active Directory and similar tools have the ability to automatically expire accounts, which can be useful for companies employing short-term contract workers. There are other third-party programs that can audit Active Directory to monitor changes and roll them back if necessary.