Slashdot Mirror
The Oft Frustrating Job of a Sysadmin
I_Love_Pocky! writes "Sysadmin Co. is a hilarious site built by some sysadmins at an ISP to help them vent their frustrations with dealing with non-tech types. This site is gives a hilarious picture of the daily frustrations of dealing with the inept. I am interested to see if these stories strike a chord with other admins out there."
Then again, I have found that treating my userbase as people, and not as trained monkeys, tends to have better results than trying to be mister 31337 BOFH.
I worked support for a long time. I don't think the users are inept...I think they just have other interests besides computers. I mean, if a brain surgeon or nobel prize winner calls for help on setting up dialup networking, are they a idiot user? I don't see doctors making websites about what idiots we are when we call them for medical advice.
I thought it was intentional at first - clicked on the 'quote of the day' link and got:
/home/garweb/inc/connection.php on line 15
Warning: mysql_pconnect(): Too many connections in
I thought that was a pretty poignant quote, as any php/mysql admin will attest..
>bleh. if they had any brains, they'd be designing these systems, not servicing them.
Would you mind filling us dummies in on why you hadn't made your own backups?
I have a PhD cust who spends like 400 a month for ISDN as opposed to DSL (it is available to him) and I always shamefully get his transferred calls:
PhD: Look I know what I'm doing I have a PhD and I'm telling you your system is erratic
Meanwhile the guy has his modem set to dial his own phone number AND HE USES CAPS ALL THE TIME so his username/password is almost always the issue. This after I've spoken to him like umpteen who knows how many times. He also has a T1 at his company and always calls:
PhD: my router isn't working and I'm getting very tired of your company doing this to me.
Meanwhile he disconnects his routers to put on wireless switches, faxes, jams phone cords in his ethernet ports, tries to jam his T1 cord into his phone, tries to make calls through his T1 you name it. I have no pity for people you have to explain things over to a trillion times. Users suck
MoFscker
The most dangerous sysadmin is the one who believes that he's dealing with inept people when the real ineptness is found within. Whole corporate IT policies are dictated by these people *all* the time.
Another good one from this week was a user who called in to complain that she conneted to the internet fine, but didn't get any webpages after connecting. I asked what she clicked on to connect, and she said the shortcut to her connection. What did she click after that? Nothing. I advised her to open Internet Explorer and click on things.
I don't really mind users who are ignorant, but competent. I do mind users for whom I have to repeat SMTP, not SMPT ad infinitum, or who phone in to basically have me read error messages back to them. Willful ignorance is what is bad, be it in regards to computers or anything else one deals with. At least attempt to understand what's going on with the device you paid $2000 for. Don't assume that just because you pay your $20 monthly fee that you'll have your hand held everytime you are too lazy to read the message that pops up in bold text a foot in front of your eyes.
PHP passed the error just fine to Apache, which in turn displayed it in your browser.
At one place I worked, not only could you not install your own software by default, but in fact had no access at all (much less write access) to most of your own C: drive.
So, just a matter of curiosity, you think that it would be better to run an environment where any user can install unlicenesed software and delete critical system files? How about get infected with a virus, and due to thier heightened access it's able to delete the OS. To be perfectly honest in today's IT world, you can't trust the people using the systems with any sort of access that can affect the system itself.
Unfortunately that goes double for the "technically inclined" users. Sure, you may have have a top notch, dual processor, 5 gig ram desktop at home running 200 different operating systems on a souped up wireless network but you don't know THIS environement. Things are different in a large network environment, and if it's not your job to run it, you probably don't know all the rules. I have had to spend more hours than I care to count fixing something some developer broke because his manaager forced us to give him administrative access on his machine. It's rarely that the person isn't technically capable, but that they don't know how our systems are set up. It's easy for someone to make a mistake when they have access to things they don't understand.
It is by no means an insult to your technical abilities to lock your machine down. It is simply the only way for the sysadmins that are responsible for your system to ensure that it's working properly.
I'm sorry if I seem a little testy, but I just spent 2 weeks screwing with virus damage because certain users have access to things they don't need. This post just hit a well timed nerve...
So Pure. So Simple.
It's Art
"It is a greater offense to steal men's labor, than their clothes"
Programmers as a general rule think they're the shit, even when they're not. Just like in my world of system administration there are five "paper" MCSEs and CCNAs for every one real system or network admin, there's five dumbshit programmers who only got into the field for the money for every true geek programmer. And these dumbshits think that since they spent three or four years in some school learning how to program, they're naturally qualified to do *my* job as well.
The fact that you find it strange that you didn't have access to your own C: drive is a typical reaction, but there's a good reason for it. That's not your C: drive. That's my C: drive. Who has to rebuild it if you fuck it up? Who has to troubleshoot it when your shit stops working on you and you call for support? Who gets blamed for you not being able to meet your deadline because your computer mysteriously crashed? Me. The sysadmin. I do. I'll get blamed even if I can prove you intentionally deleted the kernel just to keep from having to work towards your own unreasonable deadline, because they'll blame me for giving you improper access against company policy, even though I did it to you as a favor because you claimed you needed that access in order to meet your important deadline.
As a general rule, most sysadmins will give you only the bare minimum level of access you need to do your job. And if it's at all possible to get away with giving you less than that, we'll do it. We don't do it because we're facist rules nazis. We do it because too often it's our own ass if we don't. The last virus our company got was brought in by the development team, because we trusted them to know how to install virus detection software on their systems and know how to update the .dat files regularly, and it turned out that trust was severely misplaced. Who got blamed? We did. Not the ignorant programmers. We got the blame for not taking care of the systems we were told we could trust them to maintain.
So, yeah, if you don't have access to your C: drive, it's because the sysadmin doesn't trust you. But don't take it personally. He/she doesn't trust anybody. There may yet be hope. If you can prove your geekdom sufficiently to your local SA, you can usually earn some trust that way. We may be a totally paranoid lot, but we know true brothers and sisters when we meet them. If you can earn our trust we can usually see our way clear to bending the rules for you a few times. But don't cross us. The first time you make your SA work all weekend to fix up a mess you made of a server due to your code running at some level of access you shouldn't have been able to run it at in the first place, you'll get shitlisted, and good luck getting back in his/her good graces after that.
Then again, maybe your entire systems admin staff are a bunch of paper admins and aren't true geeks at all. If so, I'm sorry. There's not much you can do.
-- Dave
Making fun of dumb people since 2009
If one was truely smart, one would understand when a non-technical user was explaining a problem or making a request. Otherwise one would just make jokes with the others who also cannot in order make one's self feel superior when in reality one's not...
...especially if it's one's job!
You also have to remember, that their interpretation of what the IT guy said.
Mod point free since 2001
Whenever I hear something like this, I cringe. If you asked a UI designer for the probable intent of "dragging a program shortcut to a backup device," what do you think they would tell you?
It can only reasonably mean one of two things:
1. Back up this program, or
2. Back up the user files associated with this program.
The principles in UI design should be:
1. What is a list of all the tasks a user might want to do?
2. What is a list of all the ways a user might try to interact with the UI?
3. Is there a complete and logical mapping?
If there are undefined cases, then the UI is broken. If there are cases where an interaction has multiple intuitive meanings, the UI is broken. If the common functions are not accessible by intuitive interaction, then the UI is broken.
Why is it perfectly acceptable for a set of software in common use by millions of people to have an utterly broken UI?
Yep, you're right. That does sound like moronic synching software. And backups would seem to have been a good idea.
Then again, this was a high school we're talking about. Nobody dies, nobody loses any money, life goes on in the rest of the world if students lose some files.
The parent poster doesn't mention when this anecdote dates from. If he was doing video editing not that many years ago, he might well have been soaking up a significant amount of the school's total available networked storage, and backing it up might have represented an 'unreasonable' expenditure of time and money for the local sysadmin...who might have also had teaching duties, but also had to repair vandalized equipment, manage hardware from new to eight years old from six different vendors running three different operating systems, and plead for funding from the school board.
The sysadmin might have made backups of 'critical' stuff to keep the network and frequently used applications running, but figured that most students would only use the network for doing research and writing papers small enough to fit on a floppy.
If I was going to do large, long-term work on a network that seemed held together by chewing gum and prayer, I might be tempted to ask the sysadmin about it. If I was going to do a project that sucked up significant shared storage resources, I might mention it out of courtesy, too.
And the parent poster has learned a valuable lesson about keeping backups, hasn't he? (The rest of us have all been burned by a drive failure or the like once, and then we learned.) Bummer about losing half a semester's work, but going two or three months without making a backup...?
I'm a graduate student, and I know that the networked storage at my institution is mirrored instantaneously offsite, and backed up to tape every evening. I don't take it off the network until it's been burned to two CDs--one for the office and one offsite at home--as well as a live copy on my local hard drive. (Everyone checks their CD backups periodically, right?)
~Idarubicin
For me, the worst, most frustrating part is having to wear too many hats.
I find it really difficult to simultaneously do development and administration work.
For me, development work requires focus. I don't think I am too whacky there.
As an administrator, working on a collection of networks that have evolved over quite some time since well before I started working here, I have to be constantly vigilant and constantly available to deal with issues as they arise. I like to be proactive, finding and fixing things before they become an issue.
These (development and administration) are, I feel, incompatible.
If I am to do good development work, I need a clear head and focus; I can't keep being interrupted to deal with disasters ('Help! I deleted a critical database file! You have to restore it *RIGHT*NOW*!!!!!').
Doing proactive maintenance work takes time; if I am busy doing development work, I don't have time to do enough proactive maintenance.
And believe me, we *need* proactive disaster avoidance work.
I think that more division of labor is required; I mean for heavens sake, its one of the first principles that programmers learn!
In the free world the media isn't government run; the government is media run.
I understand your point of view, believe me. You just want to get something installed so you can get some work done. I'd probably let someone like you have more leeway...once I was truly convinced you knew your shit.
Some of my most bitter work experiences have been caused by wannabe sysadmins creating a big mess for me to fix. When you manage to surmount cut budgets, prima donnas, politics, shoddy product and manage to get things working at least on a minimal level, you don't want anybody screwing around with the machines. It invariably generates hair tearing. I have to do things like explain to indignant teachers "No you can't install that software you brought from home.
"But I paid..."
"For a copy that is licensed only your home machine. Unlicensed software could get us sued......"
"Well I don't see why..."
A few of those and few more who insist on local administrator access to their machines (and you know they don't know jack shit) and you start wanting to rein in the worst of the chaos.
I know Policy can go too far but some of the worst problems are caused by someone who took aim at their own feet with a shotgun and managed to blast a few innocent bystanders in the process.
The pit crew of an auto racing team runs around fixing things. Abused things, damage that could be avoided if they took the keys away from the drivers. But, guess what? That's their job, fixing things, and its essential to the success of the team.
While not as bad, I've taught one of our jr. maintenance programmers these tips this week;
Tab / Shift-Tab
Ctrl-C / Ctrl-V
Ctrl-Z / Shift-Ctrl-Z
Process not product.
If using Access, how and why splitting the front end from the back can be useful.
The registry and why it can be useful.
How to write and answer a defect report.
How Windows and Unix have the same general parts (with examples).
Process not product. Process not product.
Why installation programs can't be trusted.
Program dependencies.
Moving as much as possible from the client to the server has multiple benifits for maintenance/development/security/... even if it is not a web app.
Network concepts; why security management here should make you run in horror. Really.
Did I mention process, not product?
The list above is far from complete. I consider it part of a crash course on doing things the right way.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
AMEN brother! Speak on it!
You make me proud! How many times did I have my ass handed to me for doing my job?! Back in the day I did an enterprise level Norton Antivirus roll out. In 1 week over 50,000 virus infected files were found, and they told me to TURN IT OFF because they didn't like the fact that laptops were getting scanned at lunch. (They go home at night, when else can they be updated or scanned!)
And so I followed the direction, and 2 weeks later I was handed my ass along with the I Love You virus.
GOD DAMN IT!
I have had to spend more hours than I care to count fixing something some developer broke because his manaager forced us to give him administrative access on his machine.
Riiight, its so easy to develop drivers when you dont have root...
Anyway- I'm not saying your dev's not dumb- perhaps he is. If he was good enough he wouldnt have to ask you for root, he'd take it.( single user mode- or use one of the infinite windows local privilege escalation exploits )
I just wanted to say though, that having run into stingy netadmins before, what good are they if they prevent work from getting done? Your job is supposed to be providing facilities- not denying access to them.
That's not your C: drive. That's my C: drive.
Not to be rude, but unless you also own the company that's not your drive either. You seem to be making the exact same error the person you replied to made in thinking that just because you work with it, you have any actual ownership. He's a cog, you're a cog, I'm a cog - live with it.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
I've seen this troll before on a related topic. What this 'admin' fails to realize is that the company computer network does not exist for the purpose of providing system administrators with power trips and an empire to control. It exists to provide value to the company. How much value does it provide when programmers need to ask the network monkey to come and change a setting so they can compile something? How much productivity is lost because people don't have the ability to install so much as a new font? If you can't run a network where you have a centrally monitored anti virus and firewall system along with a good data backup/recovery methodology, which does not require keeping the system completely locked down from everyone, then find a new job. Most admins for companies large and small have this figured out. Why don't you?
Don't be bitter. I'm not that important. I work at a company where 70%+ of the Technical Staff have graduate degrees, and I'm probably in the lower half of the pay-scale. I doubt we spend as much time & effort hiring our support personnel (which may go to the crux of the problem). My only point was, whoever decided to implement this system did not do a very good job at assessing how much of a pain-in-the-ass it would be for end-users; and when they were making their ROI calculations, they probably neglected to include the cost to the company for an end-user to sit on hold for 10 minutes in order to cancel a print job. No slight was intended.
I'd like to add that the driver doesn't need an mp3 player, a dvd player, fuzzy dice, leopard skin seats and a goofy steering wheel to race, even though thats what eventually winds up on people's desktops when they have admin rights. Most users are far from race car drivers, they're fucking 90 year old ladies doing 30 MPH in the left lane with their blinker perpetually on.
I'd like to know from any other admin types out there: how many n00bs have you helped/trained/berated that have no concept of a corperate network and/or username/password vs Intarweb thingy and screename/password, yet have no problem changing their desktop wallpaper to their favorite child/popstar/pet, moving their menubar then setting it to autohide "So noone can find it but me", then changing their cursors to some rediculously large animated animal thing.
rename user.dat user.man
I don't. Computers are tools, they are used to make money. IT often seems to have the belief that computers are an end unto themselves. Allah forfend that anyone actually use a system in a way not forseen by the all knowing IT dept.
The only time that I ask for support is when hardware fails. I ask IT to replace it, they re-image the drive, I tell them that didn't work, repeat until I complain to my boss.
I understand the need for IT, I just hate the practice of it :)
[Set Cain on fire and steal his lute.]
In one case I had a program printing a rather large amount of data to a lineprinter. Since the buffer on such a printer is not that large it would hang while waiting for the printer to do its thing. Users complained (and rightly so), and I put in a thread to make the printing fully asynchronous. Next I was told by my boss that threads were unacceptable, since "they cause crashes".
Well, I can imagine how a highly complex multithreaded application can run into problems, but a simple worker thread, with a simple interface to the rest of the application, well-protected by a mutex, is perfectly safe. But no; in some unspecified project in a long-forgotten past there had been a Problem (the details of which were of course, long lost) and as a result I was not to use threads since that ancient project, written by someone else in another part of the world, might somehow contaminate my program and cause the same problem here. Yeah, right.
In the end I was saved by the bell - by the time my manager found out the project was already into acceptance testing (and doing just fine), and removing the thread would obviously be A Change, which would necessitate a new expensive acceptance test cycle. Since it never caused problems, the offending thread was allowed to live.
Of course at this time (five years later or so) everybody remembers that there was a responsiveness problem in a _PRE-RELEASE_ version of the software. That problem was fixed BEFORE RELEASE, and has never resurfaced. But with each new release we are still diligenty checking for "recurrence of responsiveness problem", because, hey, you cannot really trust those programming types right?
Don't misunderstand me here: actually I don't mind we are checking for a known old problem. What gets me is that nobody remembers what that problem actually was, or that we solved it about an hour after it was detected. What is the value of doing such a test if you do not know what you are testing for?
And of course this is just the tip of the iceberg. I have, at times, been forbidden to use threads, exceptions, templates, multiple inheritance, sockets (!?), and various other C++ features on account of all of these "causing crashes". One boss made me promise never to reuse code because that way I would also "reuse all the bugs".
It has became something of a hobby of mine to track policies to their initial event, and more often than not you find some minor problem (that could easily be solved, and more often than not _was_) has been blown out of all proportion, becoming a guiding principle for entire departments or even companies. And if nothing else, that's pretty sad...
So could the system admins here please realize that us users just want to do our work, with as little hassle as possible? Try to make that possible, hard as it sometimes is. And remember, while you are important to the company, so are your colleagues. Yes, even that cute secretary who opens every single attachment and whose best two attributes are sticking forwards (you could think of here as the "morale officer").
And could the users, in return, perhaps treat their sys admins as real people? Because, you know, they are. Next time you have a computer problem, call your system guy over, _honestly_ tell him what happened ("I opened the attachment"), and then offer to get him some coffee while you are waiting for him to fix your machine. A bit of appreciation goes a long way to establishing a good working relationship, and it will guarantee you get a top response time in future problems.
If we don't have a policy on your unforseen use I can guarantee we will by tomorrow, we have procedures to deal with that. Admittedly sometimes the answer will be along the lines of "No, we won't open port 6667 outgoing so you can use IRC. Not even from just your MAC address." but we attempt to accommodate and reasonable request. In the IRC case the potential security implications outweigh the need of a developer to access an IRC channel. Use Google and deal with it.
In the case of new software it must be tested, authorised for use on the network, a diff of the system pre/post install made (for asset management) and instructions on default configuration for our network issued to the engineers nationwide. This will take a day or two so you can't have your new software right now but the SLA on software installs is 5 days so we'll still get it there on time.
We can't forsee every possibility but we can have procedures in place for dealing with requests that fall outside the spec. The minor inconvenience caused by working within these procedures is more than made up for by having a network that we know works reliably and the response time of our engineers to real problems is faster because we aren't dealing with machines that the user has managed to make a mess of by tinkering or installing potentially dodgy software.
I know, this may come as a surprise to many sysadmins, but you are in the customer service business. Your function in life is to make sure that people can get their work done as efficiently as possible. You may regard marketing and sales as a menage of moronic monkeys, but they bring in the money--you don't. If they ask you for something, even if it sounds stupid to you at first sight, you have to listen patiently, be nice, and figure out the best way in which they can be helped. If their request doesn't make any technical sense to you or can't be implemented, explain to them in the nicest possible way why and try to come up with another solution in cooperation with them.
Sorry, but what kind of idiot puts up a web page with such colors (dark green on black) and then complains about his customer and/or boss stupidity??? Your page is unreadable on my monitor.
I'm not asking for bending of rules -- I'm asking for different rules for different levels of user competence.
Yea, but what this comes down to in the actual environment is that you're asking the admin staff to risk having to do extra work, to risk staying late to fix your machine, to risk costing your company money. You're asking them to risk that based purely on your word that you "know what you're doing". How many self-proclaimed IT experts have you met who are actually completely clueless?
I appreciate that you don't like the way the parent described things, but unfortunately that is exactly the way they are and will stay for a long time in most companies. Its CYA CYA CYA in IT, and don't expect that to change just to make your life easier.
no access at all (much less write access) to most of your own C: drive.
/etc and /sbin on Unix, much less write access to /
Much like not being allowed read access to the entire
I don't know what exactly you do for work, but unless you're a software developer, there should be no reason for you to tamper with the install. And I would argue that even application developers should do just fine without these privilegues. They can write, compile and test their programs without advanced privilegues.
(Application programmers will of course need to test the installation process as well, but that should be done on dedicated machines, preferrably virtual ones.)
As an administrator I would refuse to take any responsibility for any setup where users are not strictly confined to what is essential for their job. And I'm saying this as a developer. Of course I work under Unix, where I can install any programs I really need in my home directory, without any advanced privilegues.
--- The light at the end of the tunnel is probably a burning truck.
Maybe you should have stayed silent.
i instituted locked-down workstations at work. i also went with mozilla for browser and mail, and uninstalled outlook from all the desktops. no e-mail viruses, fewer problems with system-level spyware, fewer problems with unauthorized programs installed. keep in mind that all of our several hundred windows workstations have internet-routable IP addresses - no firewall (sorry, that's not up to me).
do i get recognition for doing the right thing and saving hundreds of IT support hours, and several hundreds more of our users' lost productivity? no. i get cranky users because they can't upgrade their own programs and change system settings, and management sulks because their mail program is "different from home".
point being: users don't notice the ABSENCE of problems; they just notice the small "sacrifices" that must be made in order to keep things running smoothly.
now i know how parents feel when kids give them the evil eye for making them eat their vegetables.
i need a new job.
pr0n - keeping monitor glass spotless since 1981.
Are you for real? Ever tried to do webdevelopment in a company that mandates a NT 4 workstation installation?????
Get real, help your developers when they ask you about things. Where I work the admins gave us (developers) admin rights and the (friendly, not anal like some of you sysadmins seem to be) admin told us about licenses and that kind of thing. He knew we would otherwise hack ourselves into the system in order to be able to get our job done, so instead he choosed to help us.
When I want to install a program that isn't in the default installation, I mostly consult him first as well. Why, because he is helpfull instead of a anal paranoid prick like some of you think they should be.
Sure, but the analogy breaks down in a networked environment: Yours isn't the only car for which they are responsible, and they *all* have to work. In addition, the damage caused to a racing car is the natural result of its environment and use.
In a workplace with an IT staff, you aren't responsible for fixing your computer, they are. I've rarely seen a situation where locking down a computer, when done properly and with attention to the task(s) which that computer is to perform, hampers the user. The few times that it has, rectifying the problem is easily accomplished.
Most times, the people that resent not having full access to "their" computer are exactly the ones that shouldn't have it in the first place, either because they lack an understanding of how it fits into the rest of the network, are by nature inclined to play around with it and cause headaches for those that have to correct the resulting problems, or both.
User failures happen just as often as hardware failures, I've found, and even the most intelligent user doesn't necessarily have the knowledge needed to ensure that changes made to the PC that has been assigned to their use won't adversely impact others.
There's an inherent arrogance in your post, which is probably why you posted AC: You think that your job *requires* full access to "your" computer. That's doubtful, but possible - and if it were, a rational conversation with your IT staff should establish that.
And here's the sentence that confirms your arrogance for me: "Abused things, damage that could be avoided if they took the keys away from the drivers"... normal use of a computer doesn't include abusing it in any manner.
Sure, there are things that might involve "abusing" the computer - driver development and testing come to mind as one example. But if you're doing that, it's very unlikely that the PC that is assigned to you for that task is locked down.
It's more likely that you're a user that discovered that he/she doesn't have full access to "their" computer, resent what you think impugns your technical knowledge, and worse, prevents you from using "your" computer for things other than those for which it was assigned to you. Here's a clue for you: They didn't target you specifically when they locked down "your" computer.
Well, probably. It's possible that they *did* target you, because you proved that you couldn't be trusted not to abuse full access to it. If that's the case, good for them, I say.
To paraphrase your opening sentence: You're making that incredibly naive assumption that you need full access to "your" computer, and that not having it somehow hampers you from using it to perform your job duties. Guess what? It's not likely.
Just my opinion.
-dj
I'm pretty sure you are misunderstanding what he meant by "produce nothing valuable". This is extremely different from "is not valuable to the company"; "produce nothing valuable" means "creates nothing that can be sold to the customer for profit". The point being that an IT department's sole purpose is to make life run more smoothly for everyone else. Having a stable network servers no purpose by itself; no company's buisiness plan is "We'll set up a company that has a really good IT department, and hope that we magically make money" (excluding, of course, IT consulting companies).
So the point is, being a BOFH means you are doing the opposite of your job; making life harder for the revenue-generating people. The BOFH mindset is "I, and my network, are the most important thing". The good IT mindset is "Making sure that I, and the network, make the things that create profit easier is the most important thing". Sometimes it may look like an IT department is being a pain in the ass; if it's for a greater overall good, then great, but if it's only for the IT department's good, then the IT department is failing.
That doesn't mean that the IT guys should be treated like crap, or given no power/respect; as you say, they often serve a vital role in the company. But unless they are fulfilling that role, they are 100% dead weight, or worse.
Lets see you say this when someone hacks your network through privilige escalation, downloads the SAM file off of your Windows Domain Controllers and cracks everyone's passwords?
Firewalls and managed AV servers are a good start (as well as AV running on your web proxy), but what good does that do against the threat from within?
How many people actually take the time to disable unused protocols on their networked printers? I always love the reply "What's a hacker going to do to my printer? Not let me print?". They've never had anyone hack into a printer and change it's IP address to that of your router!
You MUST try to be proactive! Use port security, port protect, dynamic VLANS. Use whatever is at your disposal to secure your network against ALL threats, known and unknown.
Wait a minute. I got it. You could play with your magic nose goblins.
Without the janitors, the shit gets messy real quick.
Not that this justfifies an ego, but janitors need some love like everybody else.
"I have a 1.7GHz P4, with 256M of ram, and a 17" (non-flat screen) monitor. Obviously the ram is a sore spot since I have to run win2k."
:D
not to be labled a flamer, but that made me laugh a bit, since i've had p200s running win2k on 64mb of ram easily... what you need to do is turn off kazaa, close slashdot, and do some work
I've rarely seen a situation where locking down a computer, when done properly and with attention to the task(s) which that computer is to perform, hampers the user.
Probably because you're not the user.
The few times that it has, rectifying the problem is easily accomplished.
Yes. Something along the lines of "Tough. That's the policy," with arms folded and $DIVISION_VP phone number on speed dial usually seems to work with little effort.
Most times, the people that resent not having full access to "their" computer are exactly the ones that shouldn't have it in the first place, either because they lack an understanding of how it fits into the rest of the network, are by nature inclined to play around with it and cause headaches for those that have to correct the resulting problems, or both.
Ah, yes. IT people know all and the developers are only there to make IT's job of keeping the cubicles the proper shade of gray more difficult.
Nice and adversarial. Just the way corporate management likes it. That way, when you have a good, smart programmer, management will always be able to find someone who will say "they aren't a team player because they changed their start menu" as support to fire them and destroy their career.
Just for reference, most programmers are far FAR more clueful than assumed by most IT people. Everything else is just a pissing contest.
But if you're doing that, it's very unlikely that the PC that is assigned to you for that task is locked down.
This presumes a level of management cluefulness that is unknown in normal space.
It's more likely that you're a user that discovered that he/she doesn't have full access to "their" computer, resent what you think impugns your technical knowledge, and worse, prevents you from using "your" computer for things other than those for which it was assigned to you.
And most IT people have discovered that some user is screwing up "their" computer, resents what they think impugns "their" policy and worse, prevents them from having total control over "their" computer for things other than those for which "they" think it should be used for.
That's why there are no such policies in this company. When I discover such a policy, I overrule it and throw it in the trash. If the people who build things that we sell need something, they'll have it by lunch, period.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.