Best practice: Should I always install a fresh OS for new employees?
I had an argument with a superior about this. Though at first glance the prior user of a laptop only did work in his own documents-folders, should I always install a new OS for the next user or is deleting the old profile enough? The software that is installed is mostly also needed by the next user.
I think an install is needed, but apart from my own argument of viruses and private data, what reasons are there for doing so?
At our company it is allowed to use the PC for e.g. private mail, and some PCs even have games installed. We have kinda mobile users, who are often on site at a customer, so I don't really blame them.
Also because of that we have a lot of local admins out there.
I know both the private use and the availability of local admin-accounts aren't good ideas, but that's how it was handled before I worked here and I can only change this once I am out of traineeship ;)
Edit: I think all of the answers posted are relevant, and I also know that a couple of the practices we have at my company aren't the best to begin with (local admin for too many people for example ;).
As of now, I think the most usable answer for a discussion would be the one from Ryder. Although the example he gave in his answer may be exaggerated, it has happened before that a former employee forgot private data. I recently found a retail copy of the game Runaway in an old laptop and we had a couple of cases of remaining private images, too.
Absolutely you should. It's not just common sense from a security POV, it should also be practice as a matter of business ethics.
Let's imagine the following scenario: Alice leaves, and her computer is transferred to Bob. Bob didn't know it, but Alice was into illegal shota porn and left several files tucked away outside of her profile. IT wipes her profile and nothing else, which included only her browsing history and local files.
One day, Bob is checking out the bells and whistles on his shiny new work machine, while sitting at a Starbucks™ and sipping at a latte. He stumbles across Alice's cache and innocently clicks on a file that looks strange. Suddenly, every head in the store whips around to watch in horror as Bob's PC flouts several state and federal regulations at full volume. One little girl in the corner starts crying.
Bob is mortified. After six months of depression and after having been fired for his unintentional act of public indecency (and possible criminal charges), he finds himself a really crackin' legal team and lays waste to his former employer with an outrageously damaging lawsuit. Alice is in Thailand and escapes extradition.
Maybe all this is a little beyond the pale, but it absolutely could happen if you don't take the time to scour through a former employee's every action. Or you could save time, and reinstall from scratch.
You should definitely reset/reinstall the computers. There could be malicious programs on it that would put the business at risk. Those could be viruses or trojans or something the former employee left there intentionally (not everybody leaves on good terms). All reasons in @axl's reply are valid, too.
To make your life easier, create a snapshot/image/backup of a freshly installed computer with all your usual software already installed and just push this on every new or recycled computer. No manual reinstall needed.
I'm not an IT admin, but my feeling is that you should reinstall for a couple of reasons:
Local admins can take ownership of the previous user's files.
You're less likely to have to deal with problems arising from system changes made by the old user.
The old user's personal applications would still be available in Program Files.
If you don't have local admins and they really can't change or access anything outside their home folder, then I'd be less concerned, but then there's always disk space to consider.
Have you considered using Ghost or another imaging system instead of manually installing all the software?
If all machines you handle are identical (or there are groups of identical machines), make a clean install once, update the OS and install basic software the users will need. Then create a HDD image, which you can restore the system from in case of reassigning the machine to another user, HDD failure, virus infection, etc.
All you have to do is just restore the "clean install" HDD contents from the disk image, and change the Windows product key if this is needed.
If you want to protect the HDDs against users using forensic tools, use a data shredding tool (e.g. shred, available in most Linux distros) on the HDD before restoring data from the image to it. With about an hour's worth of work you can even prepare a live USB that'll shred the HDD then re-fill it with data from the image.
This way you can save yourself quite a bit of work while still protecting users' and company's data.
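The shred-then-restore step from the answer above, as an added example that is not code from any of the posters. The function name `reimage`, the recorded SHA-256 argument and the read-back check are assumptions of this example; it relies on GNU coreutils (`shred`, `dd`, `cmp -n`, `sha256sum`) and accepts a regular file as target so it can be tried without a spare disk.

```shell
#!/bin/sh
# Added example: wipe a target, restore a golden image onto it, verify it.
# TARGET is a whole-disk device such as /dev/sdX (placeholder), or a regular
# file for a dry run. Everything on TARGET is destroyed.

# reimage IMAGE EXPECTED_SHA256 TARGET
reimage() {
    image=$1; expected=$2; target=$3

    # 1. Refuse to deploy an image that does not match the hash recorded
    #    when the golden image was built. Nothing is written on mismatch.
    actual=$(sha256sum "$image" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "image hash mismatch, not touching $target" >&2
        return 2
    fi

    # 2. Overwrite the whole target once with random data, so data the
    #    previous user left outside the restored area is gone too.
    shred -n 1 "$target" || return 3

    # 3. Write the image over the start of the target and flush it.
    dd if="$image" of="$target" bs=1M conv=notrunc,fsync status=none || return 4

    # 4. Read back exactly the image's length and compare byte for byte.
    size=$(wc -c < "$image")
    cmp -s -n "$size" "$image" "$target" || return 5
}

# Run directly as: reimage.sh IMAGE EXPECTED_SHA256 TARGET
if [ "$#" -eq 3 ]; then
    reimage "$@"
fi
```

Overwriting with `shred` is dependable on spinning disks only; on SSDs wear leveling can leave old blocks untouched, so use the drive's own secure-erase function there.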