ShoreTel Phone Security and the Terminated Employee ( a lesson in User Groups)

Recently a client discoverd that at terminated employee, gone for almost a month, was still answering his office extension from his cell phone!  We have so many technology options for mobility today that the HR deparment most be going nuts trying to keep the “exit interview” check list up to date!   Without commenting on the HR ramifications, IT system administrators have long had to contend with terminated employees and how to handle remote access, email and the other regular components of an advanced Information Technology.  With the advent of VoIP, most IT organizations have now had to add the telephone system to the growing list of security access concerens.
This blog and video clip was created to knock off a couple of concepts simultaneously.   First, adminstrators want to know how to configure permissions for different user types.   Clearly the folks who work in the call center are supervised by managers that require a set of features that might enable monitoring, barge in and call recording.  The Kitchen and Lobby phone do not need voice mail boxes and should only be enabled for extension to extension calling and 911 service.  Do we need to set up Account Codes for International dialing?   Who must enter an Accout code to make a phone call and who has Supreme being features?  The list goes on.    Do you allow your Users to reassign there extensions to external numbers, like the home office or cell phone?   If that employee leaves the company, do you have a plan in place as to how to manage that employees incoming phone calls?  This is where the concept of a ShoreTel Use Group can be exploited to rapidly nail down departing employees call flow.
The concept of a “containeer” as a mechnism for treating a class of users has been utilized as a programming convention since the first bit stream.   Microsoft System administrators will be immediatley comfortable with the concept, as will any IT professional who has system administration responsibility.   The concept is simple: rather than create a each individual and then list out their permissions, previldeges and class of service; lets “contain” them in a “group” and apply the permissions against the group.   This makes it easy to administer large populations of users who may share similar system facilities.  In ShoreTel, the concept of class of service, is defined and applied to a container named “User Group”.
Out of the box, ShoreTel has a predefined family of User Groups arbitraily but apptly named Exeucitve, Manager, Staff and so on.  Each user group contains a set of permissions defined as a Class of Service.  These services include permissions regarding the telephony features available to this user, the users dialing restrictions and also define key attributes about the users Voice Mail box.   In ShoreTel, certain features like “call forwarding” and “find me/follow me” require the user to have a Voice Mailbox, so understanding how these permissions are configured is essential to the creation of a secruity policy for your phone system.  If you allow the use of “find me follow me” or the ShoreTel “Personal Operator” funtion you might want to limit the range that those calling permission might include.  (If you want to talk to Mom in Italy, call my extension after hours and press zero when you here my greeting” is one of my personal favorites).
The video clip walks you through the process of creating a new User Group aptly named “Terminated Employee”.  This User Group then encompasses a body of restrictions that can be applied to a User, in this case a departing employee, with just a couple of key strokes.   The goal here is to nail down the employees call flow while you are working out the details of transitioning the employees work flow.    Clearly, you can just delete the user and be done with it, but normally business is not that simple.  Employees are part of Work Groups or  Hunt Groups that define a work flow and sometimes it takes a transition plan to get the details worked out.  In the mean time, we need to secure the phone!

Recently a client discovered that at terminated employee, gone for almost a month, was still answering his office extension from his cell phone!  We have so many technology options for mobility today that the HR department most be going nuts trying to keep the “exit interview” check list up to date!   Without commenting on the HR ramifications, IT system administrators have long had to contend with terminated employees and how to handle remote access, email and the other regular components of an advanced Information Technology.  With the advent of VoIP, most IT organizations have now had to add the telephone system to the growing list of security access concerns.

This blog and video clip was created to knock off a couple of concepts simultaneously.   First, administrator want to know how to configure permissions for different user types.   Clearly the folks who work in the call center are supervised by managers that require a set of features that might enable monitoring, barge in and call recording.  The Kitchen and Lobby phone do not need voice mail boxes and should only be enabled for extension to extension calling and 911 service.  Do we need to set up Account Codes for International dialing?   Who must enter an Account code to make a phone call and who has Supreme being features?  The list goes on.    Do you allow your Users to reassign there extensions to external numbers, like the home office or cell phone?   If that employee leaves the company, do you have a plan in place as to how to manage that employees incoming phone calls?  This is where the concept of a ShoreTel Use Group can be exploited to rapidly nail down departing employees call flow.

The concept of a “container” as a mechanism for treating a class of users has been utilized as a programming convention since the first bit stream.   Microsoft System administrators will be immediately comfortable with the concept, as will any IT professional who has system administration responsibility.   The concept is simple: rather than create a each individual and then list out their permissions, privileges and class of service; lets “contain” them in a “group” and apply the permissions against the group.   This makes it easy to administer large populations of users who may share similar system facilities.  In ShoreTel, the concept of class of service, is defined and applied to a container named “User Group”.

Out of the box, ShoreTel has a predefined family of User Groups arbitrarily but apply named Executive, Manager, Staff and so on.  Each user group contains a set of permissions defined as a Class of Service.  These services include permissions regarding the telephony features available to this user, the users dialing restrictions and also define key attributes about the users Voice Mail box.   In ShoreTel, certain features like “call forwarding” and “find me/follow me” require the user to have a Voice Mailbox, so understanding how these permissions are configured is essential to the creation of a security policy for your phone system.  If you allow the use of “find me follow me” or the ShoreTel “Personal Operator” function you might want to limit the range that those calling permission might include.  (If you want to talk to Mom in Italy, call my extension after hours and press zero when you here my greeting” is one of my personal favorites).

The video clip walks you through the process of creating a new User Group aptly named “Terminated Employee”.  This User Group then encompasses a body of restrictions that can be applied to a User, in this case a departing employee, with just a couple of key strokes.   The goal here is to nail down the employees call flow while you are working out the details of transitioning the employees work flow.    Clearly, you can just delete the user and be done with it, but normally business is not that simple.  Employees are part of Work Groups or  Hunt Groups that define a work flow and sometimes it takes a transition plan to get the details worked out.  In the mean time, we need to secure the phone!