Your IT person just gave notice. Maybe two weeks, maybe none. They're the only one who knows the passwords, the vendor contacts, why the server closet is wired the way it is, and what that one scheduled task does at 2 a.m. Every small company with a single IT person is one resignation away from this moment, and most discover their exposure the day it happens. Here's the plan we run when clients call us mid-panic, in order, because the order matters.
Day one: lock down access
Do this before anything else, even if the departure is friendly. Especially if it isn't. This is not an accusation, it's hygiene, and a professional IT person will expect it.
- Change every shared and administrative password. Domain admin, Microsoft 365 or Google Workspace admin, firewall, backup console, website registrar and DNS, banking and payment platforms, remote access tools.
- Disable their accounts on their last day, not the Friday after. Kill VPN access, revoke MFA tokens, deactivate any remote monitoring agent tied to their account, collect laptops and keys.
- Check for the quiet doors. Personal email set up as a recovery address on admin accounts. Remote access software (TeamViewer, AnyDesk, Chrome Remote Desktop) installed on servers. API keys and service accounts they created. Auto-forwarding rules on mailboxes.
- Find out what's registered where. The nightmare scenario is your domain name, SSL certificates, or Microsoft tenant registered under their personal email. It happens constantly with long-tenured solo IT people, not out of malice, just convenience years ago. Get those transferred to a company-owned account now, while they're still reachable and cooperative.
If you don't have the admin passwords at all, that's the day-one project. Recovering control of your own systems is doable but much easier with the departing person's help than without it.
Week one: capture knowledge while you can
If you have notice time, their remaining days are worth more as documentation than as ticket work. Let small problems wait. Sit them down, record the sessions if they're comfortable with it, and extract:
- An asset list. Every server, what runs on it, and what breaks if it goes down. Every network device and where it lives. Every software subscription, what it costs, and when it renews.
- The credential map. Not just passwords, but which account is the admin for which system. Put it all in a proper password manager owned by the company, today.
- Vendor and support contacts. The ISP account number, the phone system vendor, whoever supports the line-of-business app, and whether support contracts are active.
- Backups. What's backed up, where it goes, how to restore, and when a restore was last actually tested. Ask them to demonstrate one restore. This is the single most valuable hour of the whole handoff.
- The weird stuff. Every environment has three or four things only the resident knows: the scheduled job that must not be disabled, the printer that needs a static IP, the reason the guest Wi-Fi is on that VLAN. Ask directly: "what will bite the next person?"
If they left with no notice, run the same list as an audit instead of an interview. It takes longer and you'll find surprises, which is exactly why it can't wait.
Weeks one and two: bridge with contract coverage
Don't try to sprint a permanent hire. A rushed search for "someone, anyone, who knows computers" is how the last emergency hire happened, and a good permanent search for a sysadmin realistically takes weeks to a few months. Meanwhile the tickets don't stop.
Contract coverage bridges the gap. An experienced contract sysadmin can start within days, keep the lights on, and, just as valuable, audit the environment with fresh eyes while your search runs at a sane pace. Expect the first week to be discovery: they'll work through the same asset-and-access list above and tell you what shape you're actually in. Often they find that the panic was overblown and the environment mostly runs itself for a few weeks. Sometimes they find the backups haven't succeeded since spring. Either way, you'd rather know.
The bridge also buys you a better decision. With a contractor holding things steady, you can ask the question the resignation raised: does this business actually need one full-time IT employee, or would ongoing managed support cover it for less? Plenty of companies rebuild after a departure with a part-time or fully outsourced model and never replace the role at all. Others confirm they need the hire and now have time to screen properly. Both are fine outcomes. Deciding under a two-week deadline produces neither.
How to know you've landed it
A month out, the test is simple. Every system has a company-owned admin credential in a company-owned password manager. Nothing critical is registered to a personal email. There's a document a competent stranger could use to run your environment, because a competent stranger just proved it. And whoever comes next, employee or contractor, inherits a documented environment instead of a mystery. That last part is the real fix, because the actual lesson of this whole episode isn't about the person who quit. It's that the company's IT knowledge lived in one head. Whatever you rebuild, don't rebuild that.
Stuck on this, or want it done for you? That's the job.
Email us →