It’s always nice when your own auditors follow company policy. We have an external auditor in for the next 6 week in order to obtain FISMA certification. At the kickoff meeting, we told the auditors that they were not allowed to put their computers on our internal network, but they were more than welcome to use our guest wireless. This information was also on the account request form that they signed.
I had a feeling that they weren’t going to follow our policy. We don’t currently have a technical mechanism in place to enforce such a policy. I opened our DHCP management console and sure enough 5 computers had a DHCP lease with a computername and domain giving away that their owner was this auditing firm.
So I was able to bust them on that, and prove to them that we do review the logs and record anomalies in servicedesk.