Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Management and User Consequences?

Posted by ryuzaki0 on from the battle-between-adminis-and-computer-saavy-users dept.

NNWizard asks: "I work in a large university in Belgium where the people in charge of university computer systems want to install LANDesk on every single computer connecting to the university network. The aim is to be able to manage software and provide centralized remote user support. In the old days, every department had computer guys dedicated to the department, and they knew all about the users and their needs. Now, they want to make the management of computer resources global. In most non-engineering faculties this is well accepted, however in the Applied Sciences Faculty the users are computer savvy -- they do not like the idea of giving out control of their computers to people they don't know. What experience does Slashdot have with such a situation? Was the deployment of LANDesk (or a similar software package) a good or a bad thing for the users? How were the privacy issues tackled? Were people still able to use their computers the way they wanted to use them?"

6 of 139 comments (clear)

  1. At my company... by parasonic · · Score: 5, Interesting

    We simply use the freeware version of RealVNC. When employees first join, they have to give up rights to "privacy" for the I.T. people. We respect official business, but unless it's someone high up in the company is working on some sensitive information, we typically assert our authority as our workers should only be working on official business.

    If you are concerned about privacy, I'd look into something simple like VNC if you have the management software to know who's using what computer when. It works VERY well with us and is very versatile--I can't tell you how many times it has saved our butts from having to drive 300 miles when we just put a VNC connection over an SSH tunnel at a remote jobsite.

    1. Re:At my company... by glorpy · · Score: 5, Informative

      Academics are a very different beast from for-profit corporations. Faculty are effectively BOFHs, as they are absolutely vital (they bring in serious outside funding and desirable students and press) and are very tempermental. Faculty do not appreciate or enjoy administrative work. Schools are generally lucky if they can get them to teach well, let alone learn anything not directly related to their research.

      The software used in labs tends to be poorly coded at best. Downright hacks from the Stone Ages are not uncommon, even on $50K microscopes (how many of your microscopes run Windows 95?!), so IT is going to have to be very careful in defining "computers".

      Have the heads of IT, along with engineers and project managers, meet with Department Chairs, Deans, the Faculty Senate, and any star faculty. Individually and en masse. Throughout the planning, implementation and follow-up stages. Keep clear lines of communications open at all times. Be prepared for quick, courteous responses to irate and unreasonable faculty. Whatever you do, though, do NOT allow the faculty to define the terms of their relationship with IT. They are horrible clients; they don't know what they want, communicate it even worse and have the power to make your lives miserable. Perhaps the Marketing department can be hired to help out?

      I wish the OP the best of luck with this endeavor. And with the future job hunt when faculty come back screaming at the Deans, only to have them turn around and blame IT.

  2. I don't think so.... by jipis · · Score: 5, Interesting

    I gotta say: As an admin, I enjoy having the ability to remotely see what's going on on my machines. If they're users' desktops, it's much easier to just get a view of their screen (think PC-Anywhere) than to keep asking them what they see now only to get half answers and useless replies.

    That having been said, what the university wants to do is 1) completely different and b) a Very Bad Thing. In my case, *I* am the admin and the machines are *MINE* . The university is looking to force anyone who wants to use its network to give them root on their machines? Puh-lease. It's time for departments who don't want to lose control of their PCs at this university to start looking for an outside ISP. Chances are there's already money in the budget for it: they probably kick in to the general IT infrastructure budget already.

    -J

  3. They're full of crap by ltbarcly · · Score: 5, Insightful

    People who believe that they 'know about computers' are the biggest problems from an administration standpoint. Of all of my users, the ones who don't think they know how to manage their computer end up doing a lot less damage than those users who think they know what they are doing.

    And the worse part is, people who THINK they know all about computers are also the ones who will blame YOU when they hose their installation of Windows. Frankly, I find it unlikely that these engineers need the control of their computers. More likely they want to install unapproved software and various adware bullcrap which will bring your network to a crawl.

    I say this from experience. Initially I thought it would be OK to give some 'expert' users local admin rights, so that they wouldn't have to call the help desk in those situations where they simply want to install real player to listen to Rush Limbaugh or whatever else these dopes do. However, they instantly manage to get spyware, trojans, keyloggers, and other worms and viruses. They do this despite fully updated Microsoft Spyware (granted, it is a beta) and fully updated antivirus software.

    It is only recently, as we moved to managed antivirus software, that I began to understand the amount of damage these people were doing. I now get reports of virus activity, and I am never going to make the mistake of giving a user local admin rights again. It is easy to do, but they will abuse it, and taking it away is 1000x as hard as just sticking to a policy of never doing it. Once you give in they will know that you can bend the policy, and when you take it away you are telling them through your actions that you don't trust them to know what they are doing.

    And the one thing these people always think is that they somehow know what they are doing.

    Let me make it a simple maxim: 'If you are not responsible for the maintenance of a computer, you WILL NOT UNDER ANY CIRCUMSTANCES have administrator rights on said computer.'

    1. Re:They're full of crap by jipis · · Score: 5, Insightful

      I think you're missing something important here. The admin rights are being taken away from the local heretofore admins in favor of giving them to the corporate-level admins. As an admin to whom this has happened, I can tell you that this policy change / procedure change / whatever marketing-speak term you want to give it is a Very Bad Thing. The corporate IT people -- even if they know what they're doing (personally, I've found that too many ppl at the "corporation-wide" IT support level know less about computers than my dog) -- cannot do as good (good at all??) a job at the admin stuff as a local admin could.

      -J

  4. My experience is only anecdotal, by munpfazy · · Score: 5, Insightful

    But, I've worked in three somewhat different academic research environments.

    1 - One central admin for all the desktop machines in a massive department, no one else gets root on any machine.

    2 - One central admin who is mostly an advisor, people are allowed to administer their own desktop machines if they want.

    3 - Free-for-all, in which most groups have one or two principle computer gurus who handle multi user servers and almost everyone administers their own desktop machines.

    #3 is far and away the best. In #2, no one that I knew of actually took them up on the remote administration option, essentially reducing it to #3. #1 was a nightmate for everyone. When the deparment computing committee tried to talk everyone into switching to something closer to #1, we all resisted fiercely and eventually they backed down.

    In an environment where people are actually using their computers as research tools, rather than as expensive notepads with which to writeup the results of their research, it pays to place control at the lowest feasible level. Every time a user is forced to ask someone else to fiddle with software, it adds *days* to what should be simple tasks.

    Sure, you create an occasional security risk when a bad user fails to install patches. But, there's no comparison between the number of man hours spent on dealing with those sort of incidents and the amount of wasted energy in trying forcing every minor change to go through a central administrator.

    In a computer lab or a corporate environment, you might be able to make a case for central administration. For academics, it's just crazy. (And I suspect enforcing it will just drive everyone to switch to personal laptops instead, in addition to pissing them all off.)