Slashdot Mirror


IT Practice Within Microsoft

SilentChris writes "Good article over at CNet regarding Microsoft's internal IT practices. Some intriguing statements from the CIO, from the obvious ('It's an easy choice for me--to run Microsoft technology. We don't run Unix. We don't run Linux. We don't run Oracle.') to the not-so-obvious ('Our users are the admins of their machines. They can load whatever software they want on their machines, but we do audit the network continuously.') I wonder how much time is spent combatting spyware?"

25 of 508 comments

  1. Common by over_exposed · · Score: 2, Interesting

    Our 800+ users all have local admin rights on their machine. Why? We run some software that doesn't work otherwise. It's an AS400 client that needs admin rights to install updates to the client.

    Now, in all fairness, there is a way around it (and we're exploring it). The problem is, that while revoking local admin rights for our users would save us lots of time and effort in combatting spyware, etc, we'll use that time manually updating the AS400 client software.

    --
    "The object of war is not to die for your country, but to make the other bastard die for his." - Patton
  2. Don't run unix, eh? by TheGrayArea · · Score: 4, Interesting

    I guess that means they finally upgraded the phone system. Back when I worked there in Developer Support (98-03) the phone system for our incoming customer calls ran on a Unix system. To run the phone monitoring application and see the various queues you had to run an X-desktop emulator (Hummingbird I think) to run the monitoring app. I always thought that was funny at the time.
    We were allowed to pretty much install anything we wanted to. I had tons of command line tools, perl and other stuff installed along the way.
    Oh, and lots of guys had Linux boxes running at their desks along the way as well.

    --

    This space for rent.
  3. Are they even allowed to ... by Anonymous Coward · · Score: 1, Interesting

    'Our users are the admins of their machines. They can load whatever software they want on their machines, but we do audit the network continuously.'

    Could that be why they don't run Linux or Unix? It would be interesting to know if they reprimand those who want to run linux, unix or solaris? Policy with regard to people choosing to run open source products, on their machine, would also be interesting.

  4. They STILL use some UNIX systems..to Compile Win.. by TheCeltic · · Score: 3, Interesting

    Is it not true that they use Suns to compile windows itself? Because they need the huge multiprocessor power of a real computer (130+ cpu's)? What about (noso)hotmail? There are still BSD systems running there. I guess the article is only talking about workstations?

    --
    =-=-=-=-=-=-=-= - The Celtic - =-=-=-=-=-=-=-=
  5. Dell by mushupork · · Score: 1, Interesting

    Dell spent millions trying to migrate off Compaq Tandem and onto Windows Servers for their core manufacturing database. They were going to use 100% Dell hardware damnit! Millions of dollars later, Tandem was alive and well.

    Can anyone at Dell confirm Tandem is still the heart of the mighty beast?

    --
    Currently bidding on sig
  6. Totally Incoherent Answers by warriorpostman · · Score: 5, Interesting
    Obligatory rant here...how do they know it's the best product if they never run anything non-microsoft.
    As a policy, I don't run anything that competes with Microsoft. My goal is to make sure Microsoft products are the best products in the world. It's an easy choice for me, in that sense--to run Microsoft technology. We don't run Unix. We don't run Linux. We don't run Oracle. We're 100 percent Windows, SQL Server.
    What does the following mean? Other than an incoherent repetition of the above.
    We do, in areas on the client, have an open-source client running--just for competitive analysis. As an IT organization, I have no skills and no ability and no purchasing of those products. We don't even run J2EE. Everything is .Net.
    This guy really earned his title as Chief Information Officer. When I read this interview I got flashbacks of video clips of Iraq's Minister of Information making all those bizarre claims about the invasion.
  7. Re:No wonder they're laggin behind... by sphealey · · Score: 4, Interesting

    A few years ago I read an interview with Novell's IT Director. She stated that she had NT, Unix, etc running on her network and when asked why replied that there were two reasons: because she deployed the best application for any purpose regardless of platform, and so that Novell employees would experience what their customers experience.

    I know which philosophy I as a customer prefer my vendors have.

    sPh

  8. Re:Nice Knee-Jerk by Anonymous Coward · · Score: 1, Interesting

    Seems kinda crappy that those tools you use need root access to run...

  9. Re:Hmm by Mundocani · · Score: 4, Interesting

    I'm a former MS developer/employee and we could install anything we wanted period. There were never any restrictions other than the stuff you'd expect such as no pirated software, etc. There were login scripts which ran every time you signed into corpnet and you were required to run anti-virus software (eTrust). Bridging to the public internet from corpnet was also prohibited for obvious reasons. Beyond that, it was a very trusting environment. Even WiFi was deployed many years ago on campus, something a friend at Oracle says they aren't allowed to have to this day.

    Neither our admin. assistants nor QA people had any restrictions either, but I don't know about the receptionists. They sure seemed to play a lot of those boring built-in Windows games, so maybe they weren't allowed to install other software. I never asked them.

  10. Re:No, that one is obvious too by Anonymous Coward · · Score: 1, Interesting

    I work as a senior J2EE technical architect for a cable tv / isp / telco company. A big part of my job is evaluating new technologies, i.e. installing software.

    I have an XP workstation and the powers that be won't give me local admin access, so I basically can't do my job.

    Today the upgrade of a production app server failed because some support monkey decided to reboot a firewall while it was happening. That's right, a support monkey is allowed to reboot a piece of production equipment whenever they feel like it without consulting anyone, but as a highly qualified and highly paid Java expert I am not trusted to install the Java Virtual Machine on my own workstation.

    My previous job was working in global equities at a large investment bank, we had to pass a full background and credit check before they let us in the building, but we had local admin access of our workstations because IT knew we needed it in order to work effectively.

    Somehow I don't think I will be here much longer...

  11. Re:No wonder they're laggin behind... by danheskett · · Score: 2, Interesting

    It's impossible for Novell to eat only their own dogfood. Microsoft, on the other hand, can and should be forced to do exactly that.

  12. Re:Software company, not bozos by jellomizer · · Score: 2, Interesting

    Being a smart and talented software engineer doesn't make you capable of administrating your own system. Sure, a large percentage are, but there is still another large percentage that aren't. Many good software engineers take what they are doing for granted and see themselves as computer gods, thus being sloppy in their computer safety skills: running as administrator when they don't have to, installing conflicting libraries, or, just because they are software engineers, wanting to poke around in the OS a little too much. "Hey, what does this do?", then the next day their computer won't boot. I have seen some very talented software engineers who don't know about a lot of basic system administration skills such as proper removal of software; they will just go and delete the folder, leaving all the bits and pieces all around. For home they can have all the access they want, but when they are at work they should have access to what they need to be efficient and nothing more.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  13. they must be admins by multi+io · · Score: 2, Interesting
    the not-so-obvious ('Our users are the admins of their machines. They can load whatever software they want on their machines

    Note the subtle line of reasoning there -- what he implied to say is "Our users are the admins of their machines *so* they can load whatever software they want on their machines". Which is perfectly obvious, because it appears that on Windows, to do anything even slightly more advanced (like, say, installing new non-trivial software), you have to be an admin. Personally, I don't know of any Windows development shop where the programmers aren't admins and don't each have their own personal single-user PC...

  14. Re:No wonder they're laggin behind... by tomhudson · · Score: 3, Interesting
    Funny how they (Microsoft) change their story as time goes on ...

    Remember this (the original link no longer works, but a copy of the relevant text was preserved) http://support.microsoft.com/support/kb/articles/Q80/5/20.ASP

    http://www.elists.org/pipermail/lugga/2000-May/000468.html
    - quoted below, describing Microsoft's process for making their master CDs using UNIX:

    -snip-

    Release Insertion Into Manufacturing Network

    The master is read into a UNIX-based disk duplication system. The system creates an exact disk image of the master, duplicating the format and data. A duplicated master is created from the original read-in image. This silver master is used by the Product Group in their review, before they sign-off. The silver master is not to be used in the Release to Manufacturing (RTM) process. The golden master, delivered by the product group to the release group, is the original image, and is released to manufacturing when the final approvals are received from the product groups.

    -snip-

    Duplication Process

    Disks are duplicated on a variety of industrial strength, quality focused systems. Most of these systems are UNIX-based. The UNIX-based duplication systems used in manufacturing are impervious to MS-DOS-based, Windows-based, and Macintosh-based viruses. The few MS-DOS-based and Windows-based standalone duplication systems do not allow MS-DOS-based operating systems to access the duplication system. Virus protection systems used by these MS-DOS-based and Windows-based duplication systems strictly govern the duplication process, even when they are not running.

  15. Re:No wonder they're laggin behind... by Profane+MuthaFucka · · Score: 2, Interesting

    That would be impossible, because it's a violation of the Oracle license to do a benchmark. MS would never violate the license, I am sure.

    --
    Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
  16. I like this question: by LilMikey · · Score: 2, Interesting

    Do you use any Linux?
    As a policy, I don't run anything that competes with Microsoft. My goal is to make sure Microsoft products are the best products in the world.


    Ah, the old 'bury your head in the sand' technique. It works well. Maybe if they actually *tried* linux they could see what pisses disenfranchised Windows users off or where these TCO numbers come from.

    --
    LilMikey.com... I'll stop doing it when you sto
  17. Re:Admins of their own machines by LurkerXXX · · Score: 3, Interesting
    Apparently you can't read. He didn't say they were Administrator of their DOMAIN. He said they were the admin of their own machine. HUGE difference. Apparently you have no clue how MS domain/security works.

    And as far as for being an admin of your machine, it does not mean you are running as admin all the time. Locally most folks here have an admin username they can log into to install software on their machines when needed. They also have a regular normal username they use to log in as a normal user to do their work.

  18. Re:No *nix? by sg3000 · · Score: 2, Interesting

    > I don't run anything that competes with Microsoft. My goal is
    > to make sure Microsoft products are the best products in the
    > world. It's an easy choice for me, in that sense--to run
    > Microsoft technology. We don't run Unix. We don't run Linux.
    > We don't run Oracle. We're 100 percent Windows, SQL Server.

    100% Windows? Wow, that must make the Macintosh BU's development efforts pretty hard.

    Although I agree that Microsoft should use their own products wherever possible, the interview with the CIO sounds like it was really written by the marketing department:

    > If I were to leave Microsoft, the first thing I would do is go to
    > Microsoft and say, "I want to be your first and best customer.
    > How do I get all of the products early?"

    That would be the first thing he'd do? Not, "I'm sick of the viruses! I'm ripping your stuff out unless you fix the security flaws in Outlook!"

    --
    Insert simplistic political, ideological, or personal proselytization here.
  19. They use(d) unix in their network operations dept. by Anonymous Coward · · Score: 1, Interesting

    That's funny.

    A year ago I applied for a Unix operations position in their network management department.

    (I have a family to support; fortunately I didn't have to take the job.)

    In the last year they axed all the Unix boxes?

    Doubt it.

  20. Re:Software company, not bozos by gad_zuki! · · Score: 2, Interesting

    root and administrator really can't be compared. root in UNIX exists because of the legacy system of multi-user time-sharing mini-computers. Admin/user in Windows exists almost purely for sys administration tasks. So in the UNIX world it's very easy to get software that runs with its permissions system; in Windows you'll be surprised how many apps try to write to system32/temp or windows/temp instead of the local profile.

    Sure, they are similar concepts but in practice they're very different. Windows is for the PC desktop/everyone owns one revolution, UNIX was for the "holy crap we can have accounts on computers" revolution.

  21. Re:No wonder they're laggin behind... by FuzzyBad-Mofo · · Score: 2, Interesting

    Embrace and extend, though that might be part of "Illegally use monopoly power to extend monopoly into new markets."

  22. Apple and Cray by kanweg · · Score: 2, Interesting

    I once read that Apple were using a Cray to design a computer or something, and Seymour Cray was amused, because he used an Apple to design the next Cray.

    We foreigners can only laugh when we hear that a guy at Coca Cola was fired because his wife had bought him a Pepsi.

    Bert

    Who wonders how hard it would be for Slashdot to detect themselves that if a message doesn't contain HTML it is POT and should be formatted accordingly.

  23. Re:No, that one is obvious too by Anne+Thwacks · · Score: 2, Interesting
    Tool Technology Support

    Actually, he is called a tool setter, and that IS how it's done.

    --
    Sent from my ASR33 using ASCII
  24. "We don't run Linux" by quigonn · · Score: 2, Interesting

    Ah, why have they then bought 200 (in words: two-hundred) boxes of Caldera's Linux distribution (forgot the name, it was before Caldera was the new SCO) a few years ago...?

    --
    A monkey is doing the real work for me.
  25. (JUST GUESSING) by pilsner.urquell · · Score: 2, Interesting

    root@urquell:/home/jwblack# nmap -vv -sS -O -P0 -T Insane microsoft.com

    Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-12-14 18:11 MST
    Initiating SYN Stealth Scan against cps.microsoft.com (207.46.130.108) [1660 ports] at 18:11
    Discovered open port 80/tcp on 207.46.130.108
    Discovered open port 443/tcp on 207.46.130.108
    The SYN Stealth Scan took 29.36s to scan 1660 total ports.
    Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
    For OSScan assuming that port 80 is open and port 36502 is closed and neither are firewalled
    For OSScan assuming that port 80 is open and port 36846 is closed and neither are firewalled
    For OSScan assuming that port 80 is open and port 35462 is closed and neither are firewalled
    Host cps.microsoft.com (207.46.130.108) appears to be up ... good.
    Interesting ports on cps.microsoft.com (207.46.130.108):
    (The 1658 ports scanned but not shown below are in state: filtered)
    PORT STATE SERVICE
    80/tcp open http
    443/tcp open https
    Device type: general purpose|router|firewall
    Running (JUST GUESSING) : NetBSD (89%), Cisco IOS 11.X (88%), DEC IOS 10.X (88%), Microsoft Windows 95/98/ME (88%), Cabletron embedded (88%), HP HP-UX 11.X (85%), IBM AIX 4.X (85%), Secure Computing embedded (84%)
    Aggressive OS guesses: NetBSD 1.5_ALPHA i386 (89%), Cisco 4500 router running IOS 11.2(2) (88%), Cisco 1601 (IOS 11.0) or DECbrouter90T1 (Runs Cisco IOS 10.2(5)) (88%), Microsoft Windows 98SE + IE5.5sp1 (88%), Cabletron Smart Switch Router 8600 (88%), HP-UX B11.00 U 9000/839 (85%), IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/* (85%), Secure Computing SECUREZone Firewall Version 2.0 (84%)
    No exact OS matches for host (test conditions non-ideal).
    TCP/IP fingerprint:
    SInfo(V=3.70%P=i686-pc-linux-gnu%D=12/14%Time=41BF8F81%O=80%C=-1)
    TSeq(Class=TR%IPID=RD%TS=0)
    T1(Resp=Y%DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
    T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
    T3(Resp=N)
    T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T5(Resp=N)
    T6(Resp=N)
    T7(Resp=N)
    PU(Resp=N)

    TCP Sequence Prediction: Class=truly random
    Difficulty=9999999 (Good luck!)
    TCP ISN Seq. Numbers: C39D59C2 61104197 94FC38E7 8CA9A951 6EF250A1 CBBC3177
    IPID Sequence Generation: Randomized

    Nmap run completed -- 1 IP address (1 host up) scanned in 69.782 seconds
    root@urquell:/home/jwblack#

    I personally consider 89% a good bet.
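
An added example, not part of the original comment or thread: a short Python parser for the `Running (JUST GUESSING)` line in the scan output above, reporting how close the top guesses are to each other and which caveats nmap printed alongside them. The function names and the `min_margin` threshold are assumptions made for this illustration.

```python
import re

# Three lines copied from the scan output quoted in the comment above.
SAMPLE = (
    "Warning: OS detection will be MUCH less reliable because we did not "
    "find at least 1 open and 1 closed TCP port\n"
    "Running (JUST GUESSING) : NetBSD (89%), Cisco IOS 11.X (88%), "
    "DEC IOS 10.X (88%), Microsoft Windows 95/98/ME (88%), "
    "Cabletron embedded (88%), HP HP-UX 11.X (85%), IBM AIX 4.X (85%), "
    "Secure Computing embedded (84%)\n"
    "No exact OS matches for host (test conditions non-ideal).\n"
)

# One "<name> (<pct>%)" entry of the comma-separated guess list.
GUESS_RE = re.compile(r"\s*(.+?)\s*\((\d+)%\)(?:,|$)")
CAVEAT_PREFIXES = ("Warning: OS detection", "No exact OS matches")


def parse_guesses(output):
    """Return [(os_name, percent), ...] from the 'Running (JUST GUESSING)' line."""
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Running (JUST GUESSING)"):
            body = line.split(":", 1)[1]
            return [(name, int(pct)) for name, pct in GUESS_RE.findall(body)]
    return []


def assess(output, min_margin=5):
    """Summarise how far the guess list can be trusted.

    min_margin is an assumed triage threshold (percentage points), not an
    nmap setting.
    """
    guesses = sorted(parse_guesses(output), key=lambda g: -g[1])
    caveats = [l.strip() for l in output.splitlines()
               if l.strip().startswith(CAVEAT_PREFIXES)]
    top = guesses[0][1] if guesses else None
    margin = top - guesses[1][1] if len(guesses) > 1 else None
    # Every guess within min_margin points of the best one is still in play.
    contenders = [n for n, p in guesses if top - p < min_margin]
    conclusive = (bool(guesses) and not caveats
                  and (margin is None or margin >= min_margin))
    return {"top": guesses[0] if guesses else None, "margin": margin,
            "contenders": contenders, "caveats": caveats,
            "conclusive": conclusive}


if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```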