Dealing with Network Politics and Insecure Users?

Rob asks: "I work at a large university as an IT support person for one of the college's Novell networks, and I frequently find that my hands are tied on security issues--highly paid, highly respected professors do not like to see the words 'Access Denied', not even on their secretaries' screens. They routinely share their passwords, leave their machines unlocked, and go weeks on end without rebooting. They demand Administrator access on their local machines. They demand Internet Explorer have minimal security (but it's our fault when they get a piece of spyware). So, Slashdot community, I ask you this: how do you limit a user's access without making it look like you're limiting their access?"

Here

[KDan]

is the ultimate guide.

Enjoy!

Daniel

Learn to say "no"

[fmaxwell]

I ask you this: how do you limit a user's access without making it look like you're limiting their access?

You don't. You limit their access and tell them that they have to live with it. Explain to them that security is inconvenient and that they have to be adults and accept it. It's your job to secure the network and it's their job to teach the students, so make a deal with them: You won't tell them how to teach their courses and they don't tell you how to run the network.

Re:Learn to say "no"

[override11]

I run into this with a sister company here. You need to engineer a situation that illustrates how the current low security causes your company to loose money, in front of the professors as well as your management, and then offer a solution of increasing security. When you get your management on board with increasing security, it will work. What rankles the professors is that someone lower on the totem pole is dictating to them what they can and cant do (its an ego thing). Take it to the next level, and they wont complain. :)

Get a backbone

[Yankel]

You either have a network policy or you don't.

I deal with this kind of stuff on a different level. I manage an intranet and need to deal with people wanting things 'their way,' only to have them complain when their way is the wrong way.

I get them to e-mail me acknowleding that this is against my recommendations or against policy X. When it blows up the first time, I fix it and hopefully gain his or her trust.

If he or she is still pig-headed one major experience or a couple minor ones, put solving their problem at the bottom of your list of priorities. Remember, you hold the power.

Just remember to have them acknowledge in writing or via e-mail that whatever they're demanding is against your recommendation or policy if you can't convince them to back off.

And if you run out of ideas, just follow Simon's lead http://bofh.ntk.net/Bastard.html.

Re:not to troll, but...

[topham]

The problem is IT isn't treated like your local mechanic, if you (general) treated your mechanic the way people treat IT he would tell you to take your car elsewhere.

When a mechanic tells you it will take 3 hrs to fix your car, but confirms it might be less and he'll call you as soon as it's done you accept it.

When IT says the problem will take 3 hours to fix you tell them they have an hour.

When the mechanic says sorry, it took longer than 3 hours because ... , you'll be upset but let him do his job.

When IT says sorry, it's going to take longer than expected you tell them to wrap it up and fix it later. Later never comes and the problem migrates until it hits critical priority and they have 15 minutes to fix what would have taken an hour more to fix previously, but now they aren't sure how to proceed since it was left in an unknown state.

And, you blame them for the problem in the first place; regardless of their lack of any prior involvement.